I love WinSCP, but I also love being somewhat secure.
I have set a 'Master key' within WinSCP in hopes to secure the FTP passwords I have stored in WinSCP. I thought this worked for about 2 years now, however, I have just discovered that the window which prompts me to enter the Master key can simply be closed by clicking 'Cancel' and WinSCP will start connecting to whichever server I clicked to connect to.
This also works when editing the saved FTP connection, I can simply click 'Cancel' on the master key prompt and it lets me edit the connection without authenticating.
So my question is, is this a bug or is that how the feature was intended? Because if this is not a bug, I am unsure how setting a master key would be useful in any way, shape, or form.
No log as this happens across any server; steps:
- 1) Make sure you have an S/FTP connection saved along with its password in sessions.
2) Set a Master key under Settings->Security
3) Close WinSCP
4) Open WinSCP
5) Click on the saved S/FTP connection
6) Click 'Login'
7) When 'Master password' prompt opens, click 'Cancel'
8) Done; WinSCP starts connecting