N/A

NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.

N/A

N/A

FileZilla FTP客户端硬编码密钥漏洞

FileZilla是一款Windows平台的开放源码FTP/SFTP客户端。 FileZilla将配置设置保存在XML文件或Windows注册表中，具体取决于安装时用户的偏好。但任何一种保存方式都是将除口令以外的配置设置以明文保存的，而口令是以很弱的XOR加密保存的，很容易恢复。XOR加密方法总是使用相同的硬编码加密密钥，任何人都可以分析应用程序的源码找到密钥。注意：这个漏洞厂商存在争议。

N/A

N/A