Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Re: Security> Master password Bypass

The master password does not prevent WinSCP from running neither from starting a connection. It only protects stored passwords. So if you cancel the master password prompt, the connection continues, you just get prompted for password, as if it was not stored in the site.

If you use password-less authentication, for example private key without passphrase or loaded into Pageant, master password is not involved at all. You should actually not get a prompt as all. Except for a case where you have password stored in site, but it's actually not used because private key authentication has precedence. Then you get a prompt, but cancelling it won't prevent automatic authentication using private key/pageant.

Security> Master password Bypass


Thank you for your product.

There is a simple security bypass :

- create a master password
- close winscp
- start winscp and choose an account
- on master password prompt let empty just click cancel
- you can connect ?!

Did I miss something ?


WinSCP v5.5.2 (build 4130)
OS: Windows 7 64bit