Possible vulnerability when winSCP crashes on WinXP

Advertisement

aliceprince
Joined:
Posts:
1
Location:
USA

Possible vulnerability when winSCP crashes on WinXP

Hello all,

I checked through the forums and couldn't find a reference to this so here goes... I was running version 2.1 on windowsXP. After logging in and during a transfer the program crashed and Windows "helpfully" asked if I wished to send a report of that to Microsoft. Included in the report was a memory dump. Curious, I ran strings against it and the password of my session was included in the dump along with the ip adress and username, which is sent unencrypted to Microsoft. Is this normal activity? Does the password still need to loaded in memory while the proggy is in use? Has this problem occured before?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,517
Location:
Prague, Czechia

Re: Possible vulnerability when winSCP crashes on WinXP

Sorry, we cannot answer questions about WinSCP 2.1. It's over 16 years old! It definitely has more serious vulnerabilities than the one you have reported.

Use the latest version of WinSCP. The latest version still runs on Windows XP.

Reply with quote

Advertisement

You can post new topics in this forum