Topic "possibly inappropriate behavior after network error"

Author Message
alsq
[View user's profile]

Joined: 2011-08-10
Posts: 2
First: thanks for a GREAT piece of software. This is the first time I ran into any issue, and (in my case, now, at this time) it's not that big. The reason why I'm reporting it is that it may affect security in general.

WinSCP version 4.3.2. build 1201 running on a Windows XP SP3 system, which is in fact a virtual machine (VMware). The server at the other end is an lpar (logical partion) on a Power7 AIX 6.1 64 bit machine. The connection is over a VPN.

On establishing (i.e. while extablishing it) an SCP session, some kind of network error occurred (not sure what). WinSCP complained it could not list the home directory of the user provided (let's call it user1). I had previously successfully authenticated with user1 using WinSCP on the same setup, so IMHO this is likely a genuine network error; it happens. WinSCP asked to try again, I said OK. WinSCP asked again for login credentials. This second time I provided credentials for a different user (call it user2). The SCP session was successfully reestablished, but here it gets interesting. I had provided the credentials of user2, yet I was shown the home directory of user1. I was curious, and proceeded to transfer a file from the windows client to the home directory of user1. In fact, user2 happens not to have appropriate rights on the home directory of user1, and the transfer correctly failed. At this point I terminated the session and started a new one.

Unfortunately there is not much I can provide by way of further details, as I did not make a note of the network error code (if one was reported, can't remember). This behavior, tho, is peculiar enough I thought it was worth this post. I realize it can be daunting to duplicate, sorry!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
WinSCP would really behave this way in the scenario you describe. I'll try to think of another solution. Thanks for pointing this out!
_________________
Martin Prikryl
alsq
[View user's profile]

Joined: 2011-08-10
Posts: 2
prikryl wrote:
WinSCP would really behave this way in the scenario you describe. I'll try to think of another solution. Thanks for pointing this out!


So this is in fact something useful I reported, thanks for the feedback. Glad I could help.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License