[Bug] Able to delete websites without master password

Advertisement

BarisUnver
Guest

[Bug] Able to delete websites without master password

Hi. I just realized that I was able to delete a couple of my websites without WinSCP asking me for a master password. Just wanted to let you know.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

Re: [Bug] Able to delete websites without master password

The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.

Reply with quote

BarisUnver
Guest

Re: [Bug] Able to delete websites without master password

martin wrote:

The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.

That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?

Reply with quote

Ricardo
Donor
Ricardo avatar
Joined:
Posts:
107

Re: [Bug] Able to delete websites without master password

BarisUnver wrote:

martin wrote:

The master password is only to protect the stored password. It's not to prevent user from accessing/modifying/removing other data.

That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?
The only way to prevent that would be encrypting the config INI file itself or, in the case settings are saved to Registry, restricting permissions of the registry key. And wscp does not do this.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,271
Location:
Prague, Czechia

Re: [Bug] Able to delete websites without master password

BarisUnver wrote:

That shouldn't be the case, master password should also protect the changes. What if someone changes all passwords to "123456" and prevents the computer owner to connect to his/her sites in an emergency?
Encryption cannot prevent the data from being damaged.

Reply with quote

Advertisement

You can post new topics in this forum