All SCP (Secure Copy Protocol) implementations from the last 36 years, since 1983, are vulnerable to four security bugs that allow a malicious SCP server to make unauthorized changes to a client's (user's) system and hide malicious operations on the device.

The vulnerabilities were identified by Harry Sintonen, a security researcher with Finnish cyber security firm F-Secure, who has been working since August of last year to have them fixed and patched in the major applications that support the SCP protocol.

For our readers not familiar with SCP, the protocol is a "secure" implementation of RCP (Remote Copy Protocol), a protocol for transferring files over a network. SCP works on top of the SSH protocol and supports an authentication mechanism to provide authenticity and confidentiality for transferred files, just as SSH provides the same for the older and insecure Telnet protocol.

SCP has been used as a standalone app under the same name since its first release back in 1983, but has also been included in other apps. For instance, SCP is the standard method of file transfer for OpenSSH, PuTTY and WinSCP. Whenever users transfer files between a server and a client (or vice versa) via these apps, the files are transferred via the SCP protocol, unknown to the user, unless users have chosen to use the SFTP protocol as the default mode for data transfers.

In a security advisory published last week on his personal website, Sintonen revealed that there are four major security bugs affecting SCP implementations:

CVE-2018-20685 - An SCP client app allows a remote SCP server to modify the permissions of the target directory.
CVE-2019-6111 - A malicious SCP server can overwrite arbitrary files in the target directory of the SCP client. If a recursive (-r) operation is carried out, the server can also manipulate sub-directories (for example, overwrite .ssh/authorized_keys).
CVE-2019-6109 - ANSI codes can be used to manipulate the terminal client output to hide subsequent operations.
CVE-2019-6110 - Similar to the above.

The problems are rooted in the original implementation of the RCP protocol by BSD, which means that all SCP implementations in the last 36 years have been affected to a different extent.

It should be noted that any attack that attempts to exploit these vulnerabilities depends on a malicious party taking over an SCP server or being in a man-in-the-middle position, although the MitM attack may be easier to detect because the victim needs to accept the wrong host fingerprint.

At the time of writing, only the WinSCP team had addressed the reported issues, with the release of WinSCP 5.14. If patching is not an option or is out of the user's control, SCP clients should be configured to request files via SFTP (Secure FTP).

After the publication date of this article, users who think they may be affected can keep an eye on Sintonen's security advisory for updated information on upcoming patches for other SCP clients. We will do our best to update this article.