CVE-2005-2898: Weak Encryption

Published Sep 14, 2005
·
Updated

** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."

Affected Software

2 affected components
FileZilla FileZilla=2.2.14b
FileZilla FileZilla=2.2.15

Event History

Sep 14, 2005
CVE Published
via MITRE·08:00 AM
Data Sourced
via MITRE·08:00 AM
Description
Disputed
08:03 PM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2005-2898?

CVE-2005-2898 is considered to be of medium severity due to its potential to expose sensitive user passwords.

2

How do I fix CVE-2005-2898?

To fix CVE-2005-2898, you should upgrade to a later version of FileZilla where the weak encryption vulnerability is addressed.

3

Which versions of FileZilla are affected by CVE-2005-2898?

CVE-2005-2898 affects FileZilla versions 2.2.14b and 2.2.15, and possibly earlier versions.

4

Can local users exploit CVE-2005-2898?

Yes, local users can exploit CVE-2005-2898 to obtain sensitive passwords stored in the configuration file when secure mode is disabled.

5

Is CVE-2005-2898 still a concern for current users of FileZilla?

CVE-2005-2898 is only a concern for users still using the vulnerable versions of FileZilla 2.2.14b and 2.2.15.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203