THE INFORMATION IN THIS ARTICLE APPLIES TO:
QUESTION
- Is EFT vulnerable to the CVE-2020-14145 vulnerability?
ANSWER
No. EFT uses OpenSSH differently and does not order host key algorithms; as a result, this vulnerability does not apply to EFT.
If you want to avoid this false positive in your environment, update to EFT 8.2.1, which uses a newer version of OpenSSH.
Additionally, when your EFT server connects to an external server, you must define the connection profile with a valid and accessible path to the certificate. For detailed instructions, refer to our online documentation: Defining a Connection Profile. If clients are connecting to your EFT server, they need to include your certificate in their connection string.
MORE INFORMATION
Online article about discovery of vulnerability: CVSS 5.9 CVE-2020-14145 — SSH-MITM
CVE website: CVE: Common Vulnerabilities and Exposures