THE INFORMATION IN THIS ARTICLE APPLIES TO:
Is EFT affected by the LibSSH vulnerability?
No, EFT is not affected by the LibSSH vulnerability. The vulnerability pertains to libssh which was never used in EFT.
EFT uses sshlib (1.81) from Bitvise. Bitvise does not share a common code with libssh. In Bitvise Software, authentication state is managed in separate client-side and server-side components. The server-side authentication component is not affected by this issue and will ignore any SSH_MSG_USERAUTH_SUCCESS messages sent by the client.
EFT v220.127.116.11 and later uses OpenSSH for SFTP.