Cross-site request forgery CSRF

Advertisement

ridera
Joined:
Posts:
7

Cross-site request forgery CSRF

I found WinSCP was vulnerable to CSRF in a report several years old.

But, I can't find a ref to it on your site.

I assume the old report was false or you've fixed it.

Would you comment on this to ease my concern.

Great product, use it all the time.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Cross-site request forgery CSRF

Please post a reference to the report.
_________________
Martin Prikryl

Reply with quote

ridera
Joined:
Posts:
7

I'm not really concerned about the "old" reports. I just asked:

"I assume the old report was false or you've fixed it. Would you comment on this to ease my concern."

However, per your request, just to cite a handful. Google "cross site request forgery winscp" and dozens show up:
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>

etc.

Reply with quote

Advertisement

You can post new topics in this forum