Differences

This shows you the differences between the selected revisions of the page.

faq_password 2015-12-23 faq_password 2022-09-20 (current)
Line 2: Line 2:
Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]]. Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]].
-One way is to recover your password is enabling a password logging in preferences. See //[[ui_pref_logging|Log passwords and other sensitive information]]// preference option. Then inspect the session log file to find the stored password.+One way is to recover your password is enabling a password logging in preferences. See //[[ui_pref_logging|Log passwords and other sensitive information]]// preference option. Then inspect the session log file to find the stored password:
<code> <code>
-. 2015-07-02 18:44:56.823 -------------------------------------------------------------------------- +. 2019-08-13 07:41:11.313 --------------------------------------------------------------------- 
-. 2015-07-02 18:44:56.823 WinSCP Version 5.7.4 (Build 5553) (OS 6.3.9600 - Windows 8.1+. 2019-08-13 07:41:11.313 WinSCP Version 5.15.3 (Build 9730) (OS 10.0.18362 - Windows 10 Enterprise
-. 2015-07-02 18:44:56.823 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ +. 2019-08-13 07:41:11.313 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ 
-. 2015-07-02 18:44:56.823 Log level: Normal, Logging passwords+. 2019-08-13 07:41:11.313 Log level: Normal, Logging passwords
... ...
-. 2015-07-02 18:44:56.823 -------------------------------------------------------------------------- +. 2019-08-13 07:41:11.313 --------------------------------------------------------------------- 
-. 2015-07-02 18:44:56.823 Session name: My server (Site) +. 2019-08-13 07:41:11.313 Session name: My server (Site) 
-. 2015-07-02 18:44:56.824 Host name: example.com (Port: 22) +. 2019-08-13 07:41:11.313 Host name: example.com (Port: 22) 
-. 2015-07-02 18:44:56.824 User name: martin (Password: mypassword, Key file: No)+. 2019-08-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)
</code> </code>
-You can also abuse a [[ui_generateurl|Generate Session URL/Code function]] to retrieve the saved password. Note that special symbols in the password may get URL-encoded, see a [[session_url#special|decryption key]].+You can also abuse a [[ui_generateurl|Generate Session URL/Code]] function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the [[ui_generateurl#code|.NET assembly code]], where only double-quotes are escaped (in all supported languages).
**Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again! **Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again!
If you want to continue storing your password, protect it by [[master_password|master password]]. If you want to continue storing your password, protect it by [[master_password|master password]].

Last modified: by martin