Topic "plain-text password logged in Debug Log"

Author Message
schopc3

Joined: 2015-10-14
Posts: 2
Location: Denver, CO
When enabling the debug log from the .NET class using a log level of "Normal" we see passwords in the Debug log. Some passwords are masked with * but others are left in plain-text. This seems to be undocumented behavior with no way to disable password logging. Is there a way to prevent plain-text passwords from being written to the debug log?

Below are some relevant excerpts from the debug log. The entry in question starts with "Output: [winscp> open" where the ftp info has been obfuscated by me:

---beginning of log---
[2015-10-14 13:19:07.383Z] [0001] Executing Assembly: WinSCPnet, Version=1.2.9.5553, Culture=neutral, PublicKeyToken=2271ec4a3c56d0bf; Path: D:\WinSCPnet.DLL; Location: D:\WinSCPnet.dll; Product: 5.7.4.0
.
.
.
[2015-10-14 13:19:07.383Z] [0001] Operating system: Microsoft Windows NT 6.2.9200.0
.
.
.
[2015-10-14 13:19:07.384Z] [0001] Runtime: 4.0.30319.18449
.
.
.
[2015-10-14 13:19:07.395Z] [0001] Version of D:\WinSCP.exe is 5.7.4.5553, product WinSCP version is 5.7.4.0
.
.
.
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option batch on]
[2015-10-14 13:19:07.568Z] [0001] Output: [batch on ]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option confirm off]
[2015-10-14 13:19:07.568Z] [0001] Output: [confirm off ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option reconnecttime 120]
[2015-10-14 13:19:07.568Z] [0001] Output: [reconnecttime 120 ]
[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open "ftp://user:password@ftp.servername.com:21" -passive=1 -timeout=15 -rawsettings FtpUseMlsd="2" Timeout="300"]
[2015-10-14 13:19:07.568Z] [0001] Output: [Connecting to ftp.servername.com ...]
.
.
.
---log truncated---
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Debug log is for debugging. You may need to see the password to debug a problem.
schopc3

Joined: 2015-10-14
Posts: 2
Location: Denver, CO
prikryl wrote:
Debug log is for debugging. You may need to see the password to debug a problem.

I am using WinSCP.exe plus the .NET component in an automated environment where I want to let users configure the system to write a debug log to disk in cases where they think the remote FTP server or interaction with the WinSCP component is the problem. Short of me doing some post-processing on the debug log, which is unreliable since I am not the maker of the log, we have the potential to have passwords sitting in plain-text in a server environment. When writing the log the password is known, so can we have an option to mask all instances of it before writing the debug log to disk? If the option were added, it seems logical to make masking the password the default behavior and make users flip a bit to log the password in plain-text.
martin
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
For this purpose, use a session log, not a debug log.
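
For debug logs that are already on disk, the following added example (not part of the thread and not WinSCP code) finds and masks credentials in logged `open` commands like the one in the excerpt in the first post. It assumes only the `scheme://user:password@host` form shown there; the function names and the sample lines are constructed for illustration.

```python
import re

# Matches the userinfo part of a session URL inside a logged "open" command,
# e.g.  winscp> open "ftp://user:password@host:21"
# Assumption: only the scheme://user:password@host form from the excerpt is
# handled; other ways a secret can reach the log are not covered.
OPEN_URL = re.compile(
    r'(winscp>\s+open\s+"?[a-z0-9+.-]+://)'   # prompt, command, scheme
    r'([^:/@\s"]+):([^@\s"]+)@',              # user : password @
    re.IGNORECASE,
)

def find_exposed(lines):
    """Return (line_number, user) for each line with a clear-text password."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = OPEN_URL.search(line)
        # A password consisting only of '*' is already masked: do not flag it.
        if m and set(m.group(3)) != {"*"}:
            hits.append((n, m.group(2)))
    return hits

def mask(line):
    """Replace the password in an open URL with ***; other lines pass through."""
    return OPEN_URL.sub(lambda m: f"{m.group(1)}{m.group(2)}:***@", line)

# Constructed sample, modelled on the excerpt in the first post.
SAMPLE = [
    '[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> option batch on]',
    '[2015-10-14 13:19:07.568Z] [0001] Output: [winscp> open '
    '"ftp://user:password@ftp.servername.com:21" -passive=1 -timeout=15]',
    '[2015-10-14 13:19:07.568Z] [0001] Output: [Connecting to ftp.servername.com ...]',
]

if __name__ == "__main__":
    for n, user in find_exposed(SAMPLE):
        print(f"line {n}: password for '{user}' logged in clear text")
    print("\n".join(mask(line) for line in SAMPLE))
```

This only audits and cleans logs that have already been written; for routine logging, the reply above points to the session log instead.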