http://bugzilla.opensuse.org/show_bug.cgi?id=934256 Bug ID: 934256 Summary: Passwords maintained by Filezilla are easily recovered in some cases Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: Greg.Freemyer@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I'm testing with LaZagne: http://www.kitploit.com/2015/02/the-lazagne-project-recover-most-common.html Or in OBS @ home:gregfreemyer:Tools-for-forensic-boot-cd LaZagne Running LaZagne under my normal user account recovered one filezilla stored passwd. The amount of time taken was near instantaneous so I believe the password was simply decoded, not cracked in the sense of "John the ripper". The password was associated with a SFTP account, so it is a password I consider needing to be kept securely. I don't know if Filezilla simply handles passwords poorly or if it can be compiled differently to store passwords securely. -- You are receiving this mail because: You are on the CC list for the bug.