WinSCP does not authenticate server on reconnect

Advertisement

gpcprog
Guest

WinSCP does not authenticate server on reconnect

When reconnecting to a server after the connection goes down, WinSCP does not seem authenticate the server's key. Thus a man-in-the-middle attack is possible!
The specifics of my case: I was SCPing into my laptop, which was on wireless. I suspended said laptop, when I reopened it and tried to reconnect my IP address has changed, so WinSCP tried to connect to a different computer, which happened to also run SSH deamon, thus compromising my pw. This happened with WinSCP 4.1.8, so it could be that this issue was fixed, but I didn't see it posted anywhere.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: WinSCP does not authenticate server on reconnect

Looks unlikely to me. But anyway, are you able to reproduce this?
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum