Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

ToldaCZ

Re: Generate session URL/code decode password to plain text

martin wrote:

Without a master password, passwords are not protected (cannot be). They can be retrieved anytime. The "generate code" functionality makes it only bit easier. But that's actually a plus, as it makes it clear to everyone that the passwords are not protected.

See also
https://winscp.net/eng/docs/security_credentials
https://winscp.net/eng/docs/faq_password


ok. Thank you
ToldaCZ

Re: Generate session URL/code decode password to plain text

martin wrote:

This is rather broad post.
What "encryption" are you referring to?
Are you using master password?


Hello,

Master password partially fix topic. See picture

Thank you
martin

Re: Generate session URL/code decode password to plain text

This is rather broad post.
What "encryption" are you referring to?
Are you using master password?
ToldaCZ

Generate session URL/code decode password to plain text

Hello,

I see security vulnerability. Generate session URL/code is able to decode encrypted password to plain text.

BR
ToldaCZ

Documentation

Support

Associations

Follow Us