Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30580
HistoryMay 04, 2014 - 12:00 a.m.

CVE-2014-2735 - WinSCP: missing X.509 validation

2014-05-0400:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-003
Product: WinSCP
Affected Version(s): 5.5.2.4130
Tested Version(s): 5.5.2.4130 (Windows 7 32 bit and Windows 8.1 64 bit)
Vulnerability Type: Missing X.509 validation
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-04-07
Solution Date: 2014-04-09
Public Disclosure: 2014-04-16
CVE Reference: CVE-2014-2735
Author of Advisory: Micha Borrmann (SySS GmbH)

Overview: WinSCP is not checking the "Common Name" of a X.509
certificate, when FTP with TLS is used.

Vulnerability Details:
A user can not recognize an easy to perform man-in-the-middle attack,
because the client does not validate the "Common Name" of the servers
X.509 certificate. In networking environment that is not trustworthy,
like a wifi network, using FTP AUTH TLS with WinSCP the servers identity
can not be trusted.

Solution: Upgrade to WinSCP 5.5.3

Disclosure Timeline:

April 07, 2014 - Vulnerability discovered
April 07, 2014 - Vulnerability reported to vendor
April 09, 2014 - Bug was confirmed and fixed by the vendor [1]
April 10, 2014 - Bug fix could be confirmed with WinSCP 5.5.3 (Build 4193)
April 14, 2014 - WinSCP 5.5.3 (Build 4214) was released [2]

References:
[1] http://winscp.net/tracker/show_bug.cgi?id=1152
[2] http://winscp.net/eng/download.php

Credits:

Security vulnerability found by Micha Borrmann of the SySS GmbH.

E-Mail: micha.borrmann (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Micha_Borrmann.asc
Key fingerprint = 6897 7B33 B359 B8BA 0884 969F FC67 EBA9 1B51 128A

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS web
site.

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTTireAAoJEPxn66kbURKKXe0QAIVS4dK27VeNSE68I2BmgVjR
BZkHe7S1X1uec9o7CyT0LUGV+7F/esfDmbfn3vXm/WV6qbUhMLPSIrEKr4HF3bXf
s4b/r117Wy9kj02CtLTAw82egLWYakNPq168v0+zi0tTYY1xqgErPVlid8zPmR9n
aNDQ4MH1HX3PSyXb3q4fkZGUhKgZuCxjwDE1jCm1TroUVy3+NhaE7kZKls6DV8UM
KgbMkee0lyGRWKzGG/+by7qdqT9iHK1tBcI18XEQxlHQjRFG/SDyL1eCyg+VORB6
8fVgh8bN1UyIEouZBnrqx6hhNQua7iMmeV5aTEMstMgbw3XvEMmEuAN2ZJOeod2U
zZ/+huTLULAqfgefwOOVJBw04hbTyfWDhdvFwpVsoEvt6MMtB+hJuA6GXUjGMZ6W
TIYiLKDSMOhFVn/zpPySgGLlu6VOyU5D5RWsZXacHJBeMb8nFl6vi5QECjI2pN+s
rFGgjMKemz7CEQk4BM2giQD3O7cq68iTwCVcys9EbMllXpY1P+haZGdhnSY4ZoJt
s5xWrgkT4YIaMeJPMUV0O9yuSyJYVSCwZYgA/CNv8e40ddkXwymLv07Qvkx59upw
Z6WW/+TVPB+wcO1gq+P+sDqXMbkMMF+DjSrvHpuS/gNd5masoJhJRNEnCvpJCDtY
Eopi3SjkNeyBsm1wRii2
=se8l
-----END PGP SIGNATURE-----

Related

prion 1
securityvulns 1
kaspersky 1
cve 1
nessus 1
prion
prion
Code injection
2014-04-22 13:06:00
securityvulns
securityvulns
WinSCP proteciton bypass
2014-05-04 00:00:00
kaspersky
kaspersky
KLA10396 SB vulnerability in WinSCP
2014-04-22 00:00:00
cve
cve
CVE-2014-2735
2014-04-22 13:06:00
nessus
nessus
WinSCP Heartbeat Information Disclosure (Heartbleed)
2014-04-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:30580
prion1securityvulns1kaspersky1cve1nessus1