Denial of Service via SFTP (Stack Exhaustion)

Advertisement

Zlynt
Joined:
Posts:
1

Denial of Service via SFTP (Stack Exhaustion)

With the use of a malicious server, it is possible to cause a stack exhaustion.

Run a local or remote server using the custom server provided in the attachment. To run the server it is needed Node.js. After starting the server, connect to it using the following settings:

Protocol: SFTP
Port number: 22
Username: demo
The server does not have a password

WinSCP version: 5.19
OS version: Windows 10 Education x64
  • WinSCP-Denial-of-Service.zip (801.24 KB, Private file)
Description: Malicious PoC SFTP Server

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,276
Location:
Prague, Czechia

Re: Denial of Service via SFTP (Stack Exhaustion)

Thanks for your report. Can give us some instructions for starting the server? We have no experience with Node.js. Or just describe how the DoS attack works.

Reply with quote

Advertisement

You can post new topics in this forum