WinSCP 5.5.2.4130 Missing X.509 Validation

2014.04.17
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-003 Product: WinSCP Affected Version(s): 5.5.2.4130 Tested Version(s): 5.5.2.4130 (Windows 7 32 bit and Windows 8.1 64 bit) Vulnerability Type: Missing X.509 validation Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-04-07 Solution Date: 2014-04-09 Public Disclosure: 2014-04-16 CVE Reference: CVE-2014-2735 Author of Advisory: Micha Borrmann (SySS GmbH) - -------------------------------------------------------------------------------- Overview: WinSCP is not checking the "Common Name" of a X.509 certificate, when FTP with TLS is used. - -------------------------------------------------------------------------------- Vulnerability Details: A user can not recognize an easy to perform man-in-the-middle attack, because the client does not validate the "Common Name" of the servers X.509 certificate. In networking environment that is not trustworthy, like a wifi network, using FTP AUTH TLS with WinSCP the servers identity can not be trusted. - -------------------------------------------------------------------------------- Solution: Upgrade to WinSCP 5.5.3 - -------------------------------------------------------------------------------- Disclosure Timeline: April 07, 2014 - Vulnerability discovered April 07, 2014 - Vulnerability reported to vendor April 09, 2014 - Bug was confirmed and fixed by the vendor [1] April 10, 2014 - Bug fix could be confirmed with WinSCP 5.5.3 (Build 4193) April 14, 2014 - WinSCP 5.5.3 (Build 4214) was released [2] - -------------------------------------------------------------------------------- References: [1] http://winscp.net/tracker/show_bug.cgi?id=1152 [2] http://winscp.net/eng/download.php - -------------------------------------------------------------------------------- Credits: Security vulnerability found by Micha Borrmann of the SySS GmbH. E-Mail: micha.borrmann (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Micha_Borrmann.asc Key fingerprint = 6897 7B33 B359 B8BA 0884 969F FC67 EBA9 1B51 128A - -------------------------------------------------------------------------------- Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS web site. - -------------------------------------------------------------------------------- Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTTireAAoJEPxn66kbURKKXe0QAIVS4dK27VeNSE68I2BmgVjR BZkHe7S1X1uec9o7CyT0LUGV+7F/esfDmbfn3vXm/WV6qbUhMLPSIrEKr4HF3bXf s4b/r117Wy9kj02CtLTAw82egLWYakNPq168v0+zi0tTYY1xqgErPVlid8zPmR9n aNDQ4MH1HX3PSyXb3q4fkZGUhKgZuCxjwDE1jCm1TroUVy3+NhaE7kZKls6DV8UM KgbMkee0lyGRWKzGG/+by7qdqT9iHK1tBcI18XEQxlHQjRFG/SDyL1eCyg+VORB6 8fVgh8bN1UyIEouZBnrqx6hhNQua7iMmeV5aTEMstMgbw3XvEMmEuAN2ZJOeod2U zZ/+huTLULAqfgefwOOVJBw04hbTyfWDhdvFwpVsoEvt6MMtB+hJuA6GXUjGMZ6W TIYiLKDSMOhFVn/zpPySgGLlu6VOyU5D5RWsZXacHJBeMb8nFl6vi5QECjI2pN+s rFGgjMKemz7CEQk4BM2giQD3O7cq68iTwCVcys9EbMllXpY1P+haZGdhnSY4ZoJt s5xWrgkT4YIaMeJPMUV0O9yuSyJYVSCwZYgA/CNv8e40ddkXwymLv07Qvkx59upw Z6WW/+TVPB+wcO1gq+P+sDqXMbkMMF+DjSrvHpuS/gNd5masoJhJRNEnCvpJCDtY Eopi3SjkNeyBsm1wRii2 =se8l -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top