FileZilla FTP Client Hard-Coded Cipher Key Vulnerability

info
discussion
exploit
solution
references

FileZilla FTP Client Hard-Coded Cipher Key Vulnerability

FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers.

The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry.

This can allow the attacker to gain access to an FTP server with the privileges of the victim.