FileZilla Client — Cleartext Storage of Sensitive Information in Memory Vulnerability (CVE-2022-29620)

Description of the Vulnerability

Reproducing the Attack

Real World Attack Example

Remediation

Do not hard code sensitive data in programs.

Disable memory dumps.

Do not store sensitive data beyond its time of use in a program.

Do not store sensitive data in plaintext (either on disk or in memory).

Securely erase sensitive data from memory.

If you must store sensitive data, encrypt it first!
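Three of the items above (disable memory dumps, do not keep the secret beyond its time of use, securely erase it) can be combined in one routine. The following is an added example, not code from this article or from FileZilla; it assumes a POSIX/Linux system, and `use_secret_once`, `authenticate`, `secure_wipe` and `disable_core_dumps` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as dead writes, which it may do with a plain memset before return. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* "Disable memory dumps": set the core-file size limit to zero.
 * Returns 0 on success, -1 on failure. */
int disable_core_dumps(void) {
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Hypothetical consumer of the secret (stands in for a login call). */
static size_t authenticate(const char *secret) {
    return strlen(secret);
}

/* Hold the secret only for the duration of one use, then wipe it.
 * `residue` receives the buffer contents after the wipe so the caller can
 * check nothing is left. Returns the secret length, or 0 if it does not fit.
 * The caller remains responsible for wiping its own copy of `input`. */
size_t use_secret_once(const char *input, unsigned char residue[64]) {
    char secret[64];
    size_t n = strlen(input);
    if (n >= sizeof secret) return 0;
    int locked = (mlock(secret, sizeof secret) == 0); /* best effort: no swap */
    memcpy(secret, input, n + 1);
    size_t used = authenticate(secret);
    secure_wipe(secret, sizeof secret);
    memcpy(residue, secret, sizeof secret);
    if (locked) munlock(secret, sizeof secret);
    return used;
}

int main(void) {
    unsigned char residue[64];
    if (disable_core_dumps() != 0) perror("setrlimit");
    size_t n = use_secret_once("constructed-sample-password", residue); /* constructed input */
    size_t nonzero = 0;
    for (size_t i = 0; i < sizeof residue; i++) nonzero += residue[i] != 0;
    printf("used %zu bytes, %zu non-zero bytes left after wipe\n", n, nonzero);
    return nonzero != 0;
}
```

Where the platform provides one, a library wipe such as `explicit_bzero` (glibc, BSD) or `SecureZeroMemory` (Windows) can replace the volatile loop.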

Conclusion
