Why FTP is not secure

Similar to TELNET, FTP (File Transfer Protocol) was also not built to be secure. FTP (File Transfer Protocol) and TELNET were designed for networks of 1960s, 1970s and 1980s. During those periods, the computer networks were considered safe. FTP is considered as insecure protocol because it transfers user authentication data (username and password) and file data as plain-text (not encrypted) over the network. Because of this, FTP (File Transfer Protocol) is vulnerable to password sniffing, data spoofing, and other network attacks.


FTP (File Transfer Protocol) traffic between an FTP client and FTP server is not encrypted, unless VPN, or secure alternatives of FTP are used.


Secure alternatives of FTP (File Transfer Protocol) are FTPS (File Transfer Protocol Secure) and SFTP (Secure File Transfer Protocol). FTPS is an extension of FTP, which provides more security by using SSL/TLS features, but SFTP is an extension of SSH (SecureShell), which is a widely used secure network protocol.

Following image is a screenshot of Wireshark network traffic capture, which shows plain-text FTP (File Transfer Protocol) is highly insecure and dangerous.


Related Tutorials
What is FTP (File Transfer Protocol)
Important RFCs related with FTP
What is anonymous FTP
FTP Active vs Passive modes
Different types of FTP Client software
How to use FTP Active mode in FileZilla Client
FTP Commands
FTP Response Codes
Important commands in Windows command-line FTP client
How FTP works
Differences Between FTPS and SFTP
How to install FileZilla FTP Server
How to add a user in FileZilla FTP Server
How to add anonymous user account in FileZilla FTP Server
How to configure TLS (FTPS) in FileZilla FTP Server
Difference between Require explicit FTP over TLS and Require implicit FTP over TLS
How to install FileZilla FTP Client
How to login to a FTP Server using FileZilla FTP Client
FileZilla Site Manager
How to login to a FTP Server using Windows Command-line FTP Client