Differences
This shows you the differences between the selected revisions of the page.
faq_password 2015-12-23 | faq_password 2022-09-20 (current) | ||
Line 2: | Line 2: | ||
Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]]. | Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]]. | ||
- | One way is to recover your password is enabling a password logging in preferences. See //[[ui_pref_logging|Log passwords and other sensitive information]]// preference option. Then inspect the session log file to find the stored password. | + | One way is to recover your password is enabling a password logging in preferences. See //[[ui_pref_logging|Log passwords and other sensitive information]]// preference option. Then inspect the session log file to find the stored password: |
<code> | <code> | ||
- | . 2015-07-02 18:44:56.823 -------------------------------------------------------------------------- | + | . 2019-08-13 07:41:11.313 --------------------------------------------------------------------- |
- | . 2015-07-02 18:44:56.823 WinSCP Version 5.7.4 (Build 5553) (OS 6.3.9600 - Windows 8.1) | + | . 2019-08-13 07:41:11.313 WinSCP Version 5.15.3 (Build 9730) (OS 10.0.18362 - Windows 10 Enterprise) |
- | . 2015-07-02 18:44:56.823 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ | + | . 2019-08-13 07:41:11.313 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ |
- | . 2015-07-02 18:44:56.823 Log level: Normal, Logging passwords | + | . 2019-08-13 07:41:11.313 Log level: Normal, Logging passwords |
... | ... | ||
- | . 2015-07-02 18:44:56.823 -------------------------------------------------------------------------- | + | . 2019-08-13 07:41:11.313 --------------------------------------------------------------------- |
- | . 2015-07-02 18:44:56.823 Session name: My server (Site) | + | . 2019-08-13 07:41:11.313 Session name: My server (Site) |
- | . 2015-07-02 18:44:56.824 Host name: example.com (Port: 22) | + | . 2019-08-13 07:41:11.313 Host name: example.com (Port: 22) |
- | . 2015-07-02 18:44:56.824 User name: martin (Password: mypassword, Key file: No) | + | . 2019-08-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No) |
</code> | </code> | ||
- | You can also abuse a [[ui_generateurl|Generate Session URL/Code function]] to retrieve the saved password. Note that special symbols in the password may get URL-encoded, see a [[session_url#special|decryption key]]. | + | You can also abuse a [[ui_generateurl|Generate Session URL/Code]] function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the [[ui_generateurl#code|.NET assembly code]], where only double-quotes are escaped (in all supported languages). |
**Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again! | **Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again! | ||
If you want to continue storing your password, protect it by [[master_password|master password]]. | If you want to continue storing your password, protect it by [[master_password|master password]]. |