Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: 5.1.7 (build 3446) does NOT mask passwords in logfile

2013-09-30

Only passwords in open command log record are masked. If you are referring to a "Command-line" record, then indeed it's not masked out. You have to stored the password to a script to have it masked. There are so many ways to pass a password on command-line, that it's would be very difficult to locate it to mask it out. Also note that process command-line parameters is a public information. Any other process on a system can retrieve that. So if you are that concerned about security, do not pass passwords on command-line.

andnet81

5.1.7 (build 3446) does NOT mask passwords in logfile

2013-09-27 14:25

Attention! This is a major problem and a huge security issue.

Although the bugtracker shows this as RESOLVED,
passwords in "open" command line commands are visible in clear text.

In related news: It seems WinSCP.com executable does not have a switch/command to output a version. If this is correct, consider implementing this, because it best practice to do so.

5.1.7 (build 3446) is what the Exe-file says.

Post a reply

Topic review

Re: 5.1.7 (build 3446) does NOT mask passwords in logfile

5.1.7 (build 3446) does NOT mask passwords in logfile

Documentation

Support

Associations

Follow Us