Master Password Bypass by clicking cancel

itframework
Joined:: 2023-08-21
Posts:: 1
Location:: US

Master Password Bypass by clicking cancel

2023-08-21 04:24

When I set up a site, I set a master password on it and at one point when needing to go to a different area after accidentally starting that site session, it asked for the master password. I clicked cancel, thinking it was going to close the initiated session, but instead, it just started the session anyways.

I did this a couple more times, through the site session file as well as from the main console and both resulted the same bypass.

WinSCP v6.1.1

WINSCP_2023-08-20 20-18-56.png (33.89 KB, Private file)

Description: Link to screen recording of the issue:

https://kaneinfrastructureservices-my.sharepoint.com/:v:/g/personal/dennis_fair_kane_com/EabV1zCPfC9ItDbg9guZPnoBLgmejczQNP_EcZykAcGsWw?e=HK359s

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,040
Location:: Prague, Czechia

Re: Master Password Bypass by clicking cancel

2023-08-21

The recording shows that although your stored site indeed has a stored password, which is protected by the master password, you are actually authenticating with a public key:

Authenticating with public key "kane\dennis.fair@NOC"

So the password is not used/needed for the authentication at all.

Reply with quote

You can post new topics in this forum

Master Password Bypass by clicking cancel

Master Password Bypass by clicking cancel

Re: Master Password Bypass by clicking cancel

Documentation

Support

Associations

Follow Us