plain-text password logged in Debug Log
When enabling the debug log from the .NET class using a log level of "Normal" we see passwords in the Debug log. Some passwords are masked with * but others are left in plain-text. This seems to be undocumented behavior with no way to disable password logging. Is there a way to prevent plain-text passwords from being written to the debug log?
Below are some relevant excerpts from the debug log. The entry in question starts with "Output: [winscp> open" where the ftp info has been obfuscated by me:
---beginning of log---
[2015-10-14 13:19:07.383Z] [0001] Executing Assembly: WinSCPnet, Version=1.2.9.5553, Culture=neutral, PublicKeyToken=2271ec4a3c56d0bf; Path: D:\WinSCPnet.DLL; Location: D:\WinSCPnet.dll; Product: 5.7.4.0
.
.
.
[2015-10-14 13:19:07.383Z] [0001] Operating system: Microsoft Windows NT 6.2.9200.0
.
.
.
[2015-10-14 13:19:07.384Z] [0001] Runtime: 4.0.30319.18449
.
.
.
[2015-10-14 13:19:07.395Z] [0001] Version of D:\WinSCP.exe is 5.7.4.5553, product WinSCP version is 5.7.4.0
.
.
.
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option batch on]
[2015-10-14 13:19:07.568Z] [0001] Output: [batch on ]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option confirm off]
[2015-10-14 13:19:07.568Z] [0001] Output: [confirm off ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option reconnecttime 120]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open "ftp://user:password@ftp.servername.com:21" -passive=1 -timeout=15 -rawsettings FtpUseMlsd="2" Timeout="300"]
[2015-10-14 13:19:07.568Z] [0001] Output: [Connecting to ftp.servername.com ...]
.
.
.
---log truncated---
Below are some relevant excerpts from the debug log. The entry in question starts with "Output: [winscp> open" where the ftp info has been obfuscated by me:
---beginning of log---
[2015-10-14 13:19:07.383Z] [0001] Executing Assembly: WinSCPnet, Version=1.2.9.5553, Culture=neutral, PublicKeyToken=2271ec4a3c56d0bf; Path: D:\WinSCPnet.DLL; Location: D:\WinSCPnet.dll; Product: 5.7.4.0
.
.
.
[2015-10-14 13:19:07.383Z] [0001] Operating system: Microsoft Windows NT 6.2.9200.0
.
.
.
[2015-10-14 13:19:07.384Z] [0001] Runtime: 4.0.30319.18449
.
.
.
[2015-10-14 13:19:07.395Z] [0001] Version of D:\WinSCP.exe is 5.7.4.5553, product WinSCP version is 5.7.4.0
.
.
.
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option batch on]
[2015-10-14 13:19:07.568Z] [0001] Output: [batch on ]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option confirm off]
[2015-10-14 13:19:07.568Z] [0001] Output: [confirm off ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option reconnecttime 120]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open "ftp://user:password@ftp.servername.com:21" -passive=1 -timeout=15 -rawsettings FtpUseMlsd="2" Timeout="300"]
[2015-10-14 13:19:07.568Z] [0001] Output: [Connecting to ftp.servername.com ...]
.
.
.
---log truncated---
