plain-text password logged in Debug Log

schopc3

When enabling the debug log from the .NET class using a log level of "Normal" we see passwords in the Debug log. Some passwords are masked with * but others are left in plain-text. This seems to be undocumented behavior with no way to disable password logging. Is there a way to prevent plain-text passwords from being written to the debug log?

Below are some relevant excerpts from the debug log. The entry in question starts with "Output: [winscp> open" where the ftp info has been obfuscated by me:

---beginning of log---
[2015-10-14 13:19:07.383Z] [0001] Executing Assembly: WinSCPnet, Version=1.2.9.5553, Culture=neutral, PublicKeyToken=2271ec4a3c56d0bf; Path: D:\WinSCPnet.DLL; Location: D:\WinSCPnet.dll; Product: 5.7.4.0
.
.
.
[2015-10-14 13:19:07.383Z] [0001] Operating system: Microsoft Windows NT 6.2.9200.0
.
.
.
[2015-10-14 13:19:07.384Z] [0001] Runtime: 4.0.30319.18449
.
.
.
[2015-10-14 13:19:07.395Z] [0001] Version of D:\WinSCP.exe is 5.7.4.5553, product WinSCP version is 5.7.4.0
.
.
.
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option batch on]
[2015-10-14 13:19:07.568Z] [0001] Output: [batch on ]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option confirm off]
[2015-10-14 13:19:07.568Z] [0001] Output: [confirm off ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option reconnecttime 120]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open "ftp://user:password@ftp.servername.com:21" -passive=1 -timeout=15 -rawsettings FtpUseMlsd="2" Timeout="300"]
[2015-10-14 13:19:07.568Z] [0001] Output: [Connecting to ftp.servername.com ...]
.
.
.
---log truncated---

schopc3

Re: plain-text password logged in Debug Log

martin wrote:

Debug log is for debugging. You may need to see the password to debug a problem.

I am using WinSCP.exe plus the .NET component in an automated environment where I want to let users configure the system to write a debug log to disk in cases where they think the remote FTP server or interaction with the WinSCP component is the problem. Short of me doing some post-processing on the debug log, which is unreliable since I am not the maker of the log, we have the potential to have passwords sitting in plain text in a server environment. When writing the log the password is known, so can we have an option to mask all instances of it before writing the debug log to disk? If the option were added, it seems logical to make masking the password the default behavior and make users flip a bit to log the password in plain-text.
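
The post-processing mentioned in the post above, sketched as an added example that is not part of the thread and not WinSCP code: it masks the known password in each log line in both its literal and percent-encoded form, then applies a pattern for `user:password@` in URLs as a backstop. `LogScrubber` is a hypothetical helper, the sample lines are constructed, and it is an assumption that the log writes the password either verbatim or percent-encoded as in a session URL.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Hypothetical helper (not a WinSCP API): scrubs lines of an already written debug log.
static class LogScrubber
{
    // Backstop for secrets the caller did not pass in: scheme://user:secret@host
    static readonly Regex UrlUserInfo = new Regex(
        @"(?<pre>\b[a-z][a-z0-9+.\-]*://[^\s:/@""]+:)[^\s@""]+(?=@)",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public static string Scrub(string line, IEnumerable<string> knownSecrets)
    {
        foreach (string secret in knownSecrets)
        {
            if (string.IsNullOrEmpty(secret)) continue;
            // Assumption: inside a URL the password is percent-encoded,
            // so a literal search alone would miss it. Mask both forms.
            foreach (string form in new[] { secret, Uri.EscapeDataString(secret) })
                line = line.Replace(form, "***");
        }
        // Catches URL credentials whose encoding differs or that were never listed.
        return UrlUserInfo.Replace(line, "${pre}***");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed lines in the format of the excerpt above; not real credentials.
        string[] log =
        {
            "[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option batch on]",
            "[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open \"ftp://user:p%40ss%2Fword@ftp.servername.com:21\" -passive=1]",
            "[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open \"ftp://other:unlisted@ftp.servername.com:21\"]",
        };
        string[] secrets = { "p@ss/word" }; // the password the application gave the session
        foreach (string line in log)
            Console.WriteLine(LogScrubber.Scrub(line, secrets));
    }
}
```

Scrubbing after the fact leaves the unmasked log on disk until the pass runs, so the debug log directory still needs restrictive permissions.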
