Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Re: Denial of Service via SFTP (Stack Exhaustion)

Thanks for your report. Can give us some instructions for starting the server? We have no experience with Node.js. Or just describe how the DoS attack works.

Denial of Service via SFTP (Stack Exhaustion)

With the use of a malicious server, it is possible to cause a stack exhaustion.

Run a local or remote server using the custom server provided in the attachment. To run the server it is needed Node.js. After starting the server, connect to it using the following settings:

Protocol: SFTP
Port number: 22
Username: demo
The server does not have a password

WinSCP version: 5.19
OS version: Windows 10 Education x64