Denial of Service via SFTP (Stack Exhaustion) :: Support Forum

Zlynt
Joined:: 2021-06-19
Posts:: 1

Denial of Service via SFTP (Stack Exhaustion)

2021-06-19 21:11

With the use of a malicious server, it is possible to cause a stack exhaustion.

Run a local or remote server using the custom server provided in the attachment. To run the server it is needed Node.js. After starting the server, connect to it using the following settings:

Protocol: SFTP
Port number: 22
Username: demo
The server does not have a password

WinSCP version: 5.19
OS version: Windows 10 Education x64

WinSCP-Denial-of-Service.zip (801.24 KB, Private file)

Description: Malicious PoC SFTP Server

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,440
Location:: Prague, Czechia

Re: Denial of Service via SFTP (Stack Exhaustion)

2021-06-22

Thanks for your report. Can give us some instructions for starting the server? We have no experience with Node.js. Or just describe how the DoS attack works.

Reply with quote