PT-2005-3760 · Filezilla · Filezilla

Medhead · Published 2005-09-14 · Updated 2024-08-07 · CVE-2005-2898

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

FileZilla versions 2.2.14b through 2.2.15
FileZilla versions prior to 2.2.14b

Description

The issue concerns the use of a weak encryption scheme to store user passwords in the configuration settings file when "Use secure mode" is disabled. This allows local users to obtain sensitive information. The vendor has disputed this issue, stating it is a fundamental problem with programs that store passwords transparently.

Recommendations

For FileZilla versions 2.2.14b through 2.2.15, consider enabling "Use secure mode" to mitigate the risk of password exposure.

For FileZilla versions prior to 2.2.14b, consider enabling "Use secure mode" or avoiding the storage of sensitive passwords in the configuration settings file until a more secure method is implemented.

As a temporary workaround, consider restricting access to the configuration settings file to minimize the risk of exploitation.

Related Identifiers

CVE-2005-2898

Affected Products

Filezilla