Topic "Cross-site request forgery CSRF"

Author Message
ridera
[View user's profile]

Joined: 2007-03-13
Posts: 7
I found WinSCP was vulnerable to CSRF in a report several years old.

But, I can't find a ref to it on your site.

I assume the old report was false or you've fixed it.

Would you comment on this to ease my concern.

Great product, use it all the time.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Please post a reference to the report.
_________________
Martin Prikryl
ridera
[View user's profile]

Joined: 2007-03-13
Posts: 7
I'm not really concerned about the "old" reports. I just asked:

"I assume the old report was false or you've fixed it. Would you comment on this to ease my concern."

However, per your request, just to cite a handful. Google "cross site request forgery winscp" and dozens show up:
<invalid hyperlink removed by admin>
http://secunia.com/advisories/26820
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>

etc.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
These have been fixed.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License