possibly inappropriate behavior after network error

Advertisement

alsq
Joined:
Posts:
2

possibly inappropriate behavior after network error

First: thanks for a GREAT piece of software. This is the first time I ran into any issue, and (in my case, now, at this time) it's not that big. The reason why I'm reporting it is that it may affect security in general.

WinSCP version 4.3.2. build 1201 running on a Windows XP SP3 system, which is in fact a virtual machine (VMware). The server at the other end is an lpar (logical partion) on a Power7 AIX 6.1 64 bit machine. The connection is over a VPN.

On establishing (i.e. while extablishing it) an SCP session, some kind of network error occurred (not sure what). WinSCP complained it could not list the home directory of the user provided (let's call it user1). I had previously successfully authenticated with user1 using WinSCP on the same setup, so IMHO this is likely a genuine network error; it happens. WinSCP asked to try again, I said OK. WinSCP asked again for login credentials. This second time I provided credentials for a different user (call it user2). The SCP session was successfully reestablished, but here it gets interesting. I had provided the credentials of user2, yet I was shown the home directory of user1. I was curious, and proceeded to transfer a file from the windows client to the home directory of user1. In fact, user2 happens not to have appropriate rights on the home directory of user1, and the transfer correctly failed. At this point I terminated the session and started a new one.

Unfortunately there is not much I can provide by way of further details, as I did not make a note of the network error code (if one was reported, can't remember). This behavior, tho, is peculiar enough I thought it was worth this post. I realize it can be daunting to duplicate, sorry!

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: possibly inappropriate behavior after network error

WinSCP would really behave this way in the scenario you describe. I'll try to think of another solution. Thanks for pointing this out!
_________________
Martin Prikryl

Reply with quote

alsq
Joined:
Posts:
2

Re: possibly inappropriate behavior after network error

martin wrote:

WinSCP would really behave this way in the scenario you describe. I'll try to think of another solution. Thanks for pointing this out!

So this is in fact something useful I reported, thanks for the feedback. Glad I could help.

Reply with quote

Advertisement

You can post new topics in this forum