Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: Possible vulnerability when winSCP crashes on WinXP

2019-08-23

Sorry, we cannot answer questions about WinSCP 2.1. It's over 16 years old! It definitely has more serious vulnerabilities than the one you have reported.

Use the latest version of WinSCP. The latest version still runs on Windows XP.

aliceprince

Possible vulnerability when winSCP crashes on WinXP

2019-08-23 05:14

Hello all,

I checked through the forums and couldn't find a reference to this so here goes... I was running version 2.1 on windowsXP. After logging in and during a transfer the program crashed and Windows "helpfully" asked if I wished to send a report of that to Microsoft. Included in the report was a memory dump. Curious, I ran strings against it and the password of my session was included in the dump along with the ip adress and username, which is sent unencrypted to Microsoft. Is this normal activity? Does the password still need to loaded in memory while the proggy is in use? Has this problem occured before?

Post a reply

Topic review

Re: Possible vulnerability when winSCP crashes on WinXP

Possible vulnerability when winSCP crashes on WinXP

Documentation

Support

Associations

Follow Us