Master Password Bypass by clicking cancel

Advertisement

itframework
Joined:
Posts:
1
Location:
US

Master Password Bypass by clicking cancel

When I set up a site, I set a master password on it and at one point when needing to go to a different area after accidentally starting that site session, it asked for the master password. I clicked cancel, thinking it was going to close the initiated session, but instead, it just started the session anyways.

I did this a couple more times, through the site session file as well as from the main console and both resulted the same bypass.

WinSCP v6.1.1
  • WINSCP_2023-08-20 20-18-56.png (33.89 KB, Private file)
Description: Link to screen recording of the issue:

https://kaneinfrastructureservices-my.sharepoint.com/:v:/g/personal/dennis_fair_kane_com/EabV1zCPfC9ItDbg9guZPnoBLgmejczQNP_EcZykAcGsWw?e=HK359s

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,984
Location:
Prague, Czechia

Re: Master Password Bypass by clicking cancel

The recording shows that although your stored site indeed has a stored password, which is protected by the master password, you are actually authenticating with a public key:
Authenticating with public key "kane\dennis.fair@NOC"
So the password is not used/needed for the authentication at all.

Reply with quote

Advertisement

You can post new topics in this forum