CVE-2005-2898

FileZilla <2.2.15 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2898. PoCs published by [email protected].

AI-analyzed exploit summary This exploit decrypts FileZilla FTP client passwords stored in XML or the Windows Registry using a hard-coded cipher key. It converts numeric ASCII values to characters and applies XOR decryption with the key.

Description

NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · cdoswindows

https://www.exploit-db.com/exploits/26220

View Code ZIP pw:eip

This exploit decrypts FileZilla FTP client passwords stored in XML or the Windows Registry using a hard-coded cipher key. It converts numeric ASCII values to characters and applies XOR decryption with the key.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FileZilla FTP client (versions prior to fix for CVE-2005-2898)

No auth needed

Prerequisites: Access to the victim's FileZilla configuration files or Windows Registry

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Product x_refsource_misc

http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/22135

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14730

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=112577523810442&w=2

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=112605448327521&w=2

Scores

EPSS 0.0050

EPSS Percentile 38.5%

Details

Status published

Products (2)

filezilla/filezilla 2.2.14b

filezilla/filezilla 2.2.15

Published Sep 14, 2005

Tracked Since Feb 18, 2026