Generate session URL/code decode password to plain text


ToldaCZ
Guest

Generate session URL/code decode password to plain text

Hello,

I see a security vulnerability. Generate session URL/code is able to decode the encrypted password to plain text.

BR
ToldaCZ


martin
Site Admin
Posts: 41,506
Location: Prague, Czechia

Re: Generate session URL/code decode password to plain text

This is a rather broad post.
What "encryption" are you referring to?
Are you using a master password?


ToldaCZ
Guest

Re: Generate session URL/code decode password to plain text

martin wrote:

This is a rather broad post.
What "encryption" are you referring to?
Are you using a master password?

Hello,

Master password partially fixes the topic. See picture.

Thank you

picture.png


martin
Site Admin

Re: Generate session URL/code decode password to plain text

Without a master password, passwords are not protected (cannot be). They can be retrieved anytime. The "generate code" functionality makes it only a bit easier. But that's actually a plus, as it makes it clear to everyone that the passwords are not protected.

See also
https://winscp.net/eng/docs/security_credentials
https://winscp.net/eng/docs/faq_password

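The distinction drawn in the last reply, as an added sketch that is not part of the thread and is not WinSCP's code or storage format: a record sealed with a key that ships in the program can be opened by anyone holding the settings file, while a record sealed with a key derived from a master password cannot be opened without it. `APP_KEY`, the toy HMAC keystream and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, hmac, os

# Constructed stand-in for a key that ships inside the client program.
APP_KEY = b"constant-compiled-into-the-client"

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); real code should use an AEAD.
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _open(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or damaged record")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def _master_key(master, salt):
    # This key is never stored; it exists only after the user types the master password.
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)

def store(password, master=None):
    """Return the bytes that would be written to the settings file."""
    if master is None:
        return _seal(APP_KEY, password.encode())
    salt = os.urandom(16)
    return salt + _seal(_master_key(master, salt), password.encode())

def load(record, master=None):
    """Recover the password from a stored record."""
    if master is None:
        # Everything needed is in the program and the file: obfuscation only.
        return _open(APP_KEY, record).decode()
    return _open(_master_key(master, record[:16]), record[16:]).decode()

if __name__ == "__main__":
    print(load(store("s3cret")))  # no user secret involved
    rec = store("s3cret", master="correct horse")
    print(load(rec, master="correct horse"))
    try:
        load(rec, master="guess")
    except ValueError as e:
        print("without the master password:", e)
```
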