Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30781
HistoryJun 02, 2014 - 12:00 a.m.

FTP Rush: missing X.509 validation (FTP with TLS)

2014-06-0200:00:00
vulners.com
35
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-002
Product: FTP Rush
Vendor: Wing FTP Software
Affected Version(s): v2.1.8
Tested Version(s): v2.1.8 (Windows 7 32 bit and Windows 8.1 64 bit)
Vulnerability Type: X.509 validation
Risk Level: Medium
Solution Status:
Vendor Notification: 2014-04-04
Solution Date:
Public Disclosure: 2014-05-19
CVE Reference: Not assigned, (but similiar to CVE-2012-6606)
Author of Advisory: Micha Borrmann (SySS GmbH)

Overview:
FTP Rush does not validating X.509 certificates, if FTP with TLS is used

Vulnerability Details:
A user can not recognize an easy to perform
man-in-the-middle attack, because the client is not validate the X.509
certificate from the FTP server. In an untrusted networking
environment (like a Wifi hotspot), the current FTP AUTH TLS connection
with FTP Rush should be classified as not encrypted.

Proof of Concept (PoC): not needed

Solution: use another client for FTP with AUTH TLS

Disclosure Timeline:
April 3, 2014 - Vulnerability discovered
April 4, 2014 - Vulnerability reported to vendor
May 19, 2014 - Vulnerability disclosure, after a period of 45 days for
a responsible disclosure

Credits:
Security vulnerability found by Micha Borrmann of the SySS GmbH.

Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory
may be updated in order to provide as accurate information as
possible. The latest version of this security advisory is available on
the SySS web site
(https://www.syss.de/aktuelles/advisories/advisory-ftp-rush/)

Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTefx8AAoJEPxn66kbURKKFw8P/R1/D7b8GoZTQtPe2Rj/w6Sx
KakOOZ5IOEgbZP9pl6vOQBCCOWfipJFgVCSoF9BYUOJ9k/fM7inQZl7e4BRBIfGR
2bJveIe+VScTnDQ+yt56TKo6jSMvdszwcBrNTTI+cTn1CvlWBJiDAjHj6SWDCWRe
47tT7LMtOCL8bA/EAacfxWxAJFv2Zu45rkSqGXvKxz987Ss1CuuMUHQ6BzyggcCS
GvvfojwvNDOK77C+uYAdnqcyaWmepX++T9FmQbvjOulrysN4LamvdfpzlOt1ZxTe
Mcw03Y/ERTrEZkNfahk98LwklceImp0ZozJWazmFaBwEUuKGXJNeBniq+RE7PORq
e1cZ5zBsD4xiO3OoFwzV/GvP/2/O/I4hPI9WbfhjaZ2A1bGEv3hofy4HWPUKk8w3
aclr7pyY8CqhwY6ZPzV1euhpM2sVzfUTdf2NcNVY6Ra3dbj+QkqgYI6xyRtXSEvS
cLElul4ihD9fd0asY6Iczl6bXLUj5tWAHlYR0hz59NJiJBFlWgf+bf44SqmCel+x
qh1P66/CbFWjWvit60FmYL+nPYxjXc2ygo7bYu84uwzs06z/zcuVVlJSpSuUl2WG
dbr9dTL+aQys7zAbLCsh5DnqRmWiMNM4z/V+CRiZuZLRaPVlclPJTeBAxSeZpOuP
MwOf6Izjw169Ih5Dw1dT
=pJ3c
-----END PGP SIGNATURE-----

Related

cve 1
paloalto 1
prion 1
cve
cve
CVE-2012-6606
2013-08-31 17:55:00
paloalto
paloalto
Man-in-the-middle Vulnerability in GlobalProtect App
2012-10-22 07:00:00
prion
prion
Information disclosure
2013-08-31 17:55:00
JSON
Related for SECURITYVULNS:DOC:30781
cve1paloalto1prion1