WinSCP does not authenticate server on reconnect
When reconnecting to a server after the connection goes down, WinSCP does not seem authenticate the server's key. Thus a man-in-the-middle attack is possible!
The specifics of my case: I was SCPing into my laptop, which was on wireless. I suspended said laptop, when I reopened it and tried to reconnect my IP address has changed, so WinSCP tried to connect to a different computer, which happened to also run SSH deamon, thus compromising my pw. This happened with WinSCP 4.1.8, so it could be that this issue was fixed, but I didn't see it posted anywhere.
The specifics of my case: I was SCPing into my laptop, which was on wireless. I suspended said laptop, when I reopened it and tried to reconnect my IP address has changed, so WinSCP tried to connect to a different computer, which happened to also run SSH deamon, thus compromising my pw. This happened with WinSCP 4.1.8, so it could be that this issue was fixed, but I didn't see it posted anywhere.
