This is an old revision of the document!

Can I recover password stored in WinSCP session?

Yes you can. And in fact anybody with access to your computer can do it too. That’s why you should NEVER store your password to WinSCP session without using master password. Read more about security of stored credentials.

One way is to recover your password is enabling a password logging in preferences. See Log passwords and other sensitive information preference option. Then inspect the session log file to find the stored password.

Advertisement

. 2017-06-13 07:41:11.313 ---------------------------------------------------------------------
. 2017-06-13 07:41:11.313 WinSCP Version 5.9.5 (Build 7441) (OS 10.0.15063 - Windows 10)
. 2017-06-13 07:41:11.313 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2017-06-13 07:41:11.313 Log level: Normal, Logging passwords
...
. 2017-06-13 07:41:11.313 ---------------------------------------------------------------------
. 2017-06-13 07:41:11.313 Session name: My server (Site)
. 2017-06-13 07:41:11.313 Host name: example.com (Port: 22)
. 2017-06-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No)

You can also abuse a Generate Session URL/Code function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the .NET assembly code, where only double-quotes are escaped (in all supported languages).

Remember, once you recover your password, change it to a new one, and DO NOT store it again!

If you want to continue storing your password, protect it by master password.

Last modified: by martin