Topic "WinSCP does not authenticate server on reconnect"

Author Message


When reconnecting to a server after the connection goes down, WinSCP does not seem authenticate the server's key. Thus a man-in-the-middle attack is possible!
The specifics of my case: I was SCPing into my laptop, which was on wireless. I suspended said laptop, when I reopened it and tried to reconnect my IP address has changed, so WinSCP tried to connect to a different computer, which happened to also run SSH deamon, thus compromising my pw. This happened with WinSCP 4.1.8, so it could be that this issue was fixed, but I didn't see it posted anywhere.
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26890
Location: Prague, Czechia
Looks unlikely to me. But anyway, are you able to reproduce this?
Martin Prikryl

You can post new topics in this forum


What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!


About donations

$9   $19   $49   $99

About donations


WinSCP Privacy Policy

WinSCP License