Topic "WinSCP does not authenticate server on reconnect"

Author Message


When reconnecting to a server after the connection goes down, WinSCP does not seem authenticate the server's key. Thus a man-in-the-middle attack is possible!
The specifics of my case: I was SCPing into my laptop, which was on wireless. I suspended said laptop, when I reopened it and tried to reconnect my IP address has changed, so WinSCP tried to connect to a different computer, which happened to also run SSH deamon, thus compromising my pw. This happened with WinSCP 4.1.8, so it could be that this issue was fixed, but I didn't see it posted anywhere.
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26299
Location: Prague, Czechia
Looks unlikely to me. But anyway, are you able to reproduce this?
Martin Prikryl

You can post new topics in this forum

Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!


About donations

$9   $19   $49   $99

About donations


WinSCP Privacy Policy

WinSCP License