Topic "Possible vulnerability when winSCP crashes on WinXP"

Author Message
[View user's profile]

Joined: 2003-02-12
Posts: 1
Hello all,

I checked through the forums and couldn't find a reference to this so here goes... I was running version 2.1 on windowsXP. After logging in and during a transfer the program crashed and Windows "helpfully" asked if I wished to send a report of that to Microsoft. Included in the report was a memory dump. Curious, I ran strings against it and the password of my session was included in the dump along with the ip adress and username, which is sent unencrypted to Microsoft. Is this normal activity? Does the password still need to loaded in memory while the proggy is in use? Has this problem occured before?
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26890
Location: Prague, Czechia
I'll look at this, thanks for letting m e know.
Martin Prikryl

You can post new topics in this forum


What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!


About donations

$9   $19   $49   $99

About donations


WinSCP Privacy Policy

WinSCP License