Advisory ID: | SYSS-2014-003 |
Product: | WinSCP |
Affected Version(s): | 5.5.2.4130 |
Tested Version(s): | 5.5.2.4130 (Windows 7 32 bit and Windows 8.1 64 bit) |
Vulnerability Type: | Missing X.509 validation |
Risk Level: | Medium Solution |
Status: | Fixed |
Vendor Notification: | 2014-04-07 |
Solution Date: | 2014-04-09 |
Public Disclosure: | 2014-04-16 |
Reference: | CVE-2014-2735 |
Author of Advisory: | Micha Borrmann (SySS GmbH) |
WinSCP is not checking the "Common Name" of a X.509 certificate, when FTP with TLS is used.
Vulnerability Details
A user can not recognize an easy to perform man-in-the-middle attack, because the client does not validate the "Common Name" of the servers X.509 certificate. In networking environment that is not trustworthy, like a wifi network, using FTP AUTH TLS with WinSCP the servers identity can not be trusted.
Solution
Upgrade to WinSCP 5.5.3
Disclosure Timeline
April 07, 2014 - Vulnerability discovered
April 07, 2014 - Vulnerability reported to vendor
April 09, 2014 - Bug was confirmed and fixed by the vendor [1]
April 10, 2014 - Bug fix could be confirmed with WinSCP 5.5.3 (Build 4193)
April 14, 2014 - WinSCP 5.5.3 (Build 4214) was released [2]
References
[1] winscp.net/tracker/show_bug.cgi [2] winscp.net/eng/download.php
Credits
Security vulnerability found by Micha Borrmann of the SySS GmbH. E-Mail: micha.borrmann (at) syss.de
Public Key: www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Micha_Borrmann.asc
Key fingerprint = 6897 7B33 B359 B8BA 0884 969F FC67 EBA9 1B51 128A
Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS web site.
Creative Commons - Attribution (by) - Version 3.0
Ihr direkter Kontakt zu SySS +49 (0)7071 - 40 78 56-0 oder anfrage@syss.de | IN DRINGENDEN FÄLLEN AUSSERHALB DER GESCHÄFTSZEITEN +49 (0)7071 - 40 78 56-99
Als Rahmenvertragskunde wählen Sie bitte die bereitgestellte Rufbereitschaftsnummer
Ihr direkter Kontakt zu SySS +49 (0)7071 - 40 78 56-0 oder anfrage@syss.de
IN DRINGENDEN FÄLLEN AUSSERHALB DER GESCHÄFTSZEITEN +49 (0)7071 - 40 78 56-99
Als Rahmenvertragskunde wählen Sie bitte die bereitgestellte Rufbereitschaftsnummer
Direkter Kontakt
+49 (0)7071 - 40 78 56-0 oder anfrage@syss.de
IN DRINGENDEN FÄLLEN AUSSERHALB DER GESCHÄFTSZEITEN
+49 (0)7071 - 40 78 56-99
Als Rahmenvertragskunde wählen Sie bitte die bereitgestellte Rufbereitschaftsnummer