Search

GlobalSCAPE Knowledge Base

EFT is NOT affected by the LibSSH vulnerability

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT versions v8.0.5 and earlier. (Bitvise was removed in v8.0.6)

QUESTION

Is EFT affected by the LibSSH vulnerability?

ANSWER

No, EFT is not affected by the LibSSH vulnerability. The vulnerability pertains to libssh which was never used in EFT.

EFT used sshlib (1.81) from Bitvise in versions prior to v8.0.6). Bitvise does not share a common code with libssh. In Bitvise Software, authentication state is managed in separate client-side and server-side components. The server-side authentication component is not affected by this issue and will ignore any SSH_MSG_USERAUTH_SUCCESS messages sent by the client.

EFT v7.4.11.34 and later uses OpenSSH for SFTP.

Details
Last Modified: 10 Months Ago
Last Modified By: kmarsh
Type: FAQ
Rated 4 stars based on 4 votes.
Article has been viewed 57K times.
Options
Also In This Category
Tags