The FileZilla client stores passwords using a weak XOR 'encryption'. The value of the cipher key is static and can be found in the source code. This vulnerability has been successfully tested on versions 2.2.14b and 2.2.15. However, it is suspected that most previous versions are also affected.
637a74e948d0d2743a1666cf0c8f157510b94187658ebc3cb5fd4b191d073685