FTP Rush 2.1.8 X.509 Validation

2014.05.21
Risk: High
Local: No
Remote: Yes
CWE: CWE-310


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Advisory ID: SYSS-2014-002 Product: FTP Rush Vendor: Wing FTP Software Affected Version(s): v2.1.8 Tested Version(s): v2.1.8 (Windows 7 32 bit and Windows 8.1 64 bit) Vulnerability Type: X.509 validation Risk Level: Medium Solution Status: Vendor Notification: 2014-04-04 Solution Date: Public Disclosure: 2014-05-19 CVE Reference: Not assigned, (but similiar to CVE-2012-6606) Author of Advisory: Micha Borrmann (SySS GmbH) Overview: FTP Rush does not validating X.509 certificates, if FTP with TLS is used Vulnerability Details: A user can not recognize an easy to perform man-in-the-middle attack, because the client is not validate the X.509 certificate from the FTP server. In an untrusted networking environment (like a Wifi hotspot), the current FTP AUTH TLS connection with FTP Rush should be classified as not encrypted. Proof of Concept (PoC): not needed Solution: use another client for FTP with AUTH TLS Disclosure Timeline: April 3, 2014 - Vulnerability discovered April 4, 2014 - Vulnerability reported to vendor May 19, 2014 - Vulnerability disclosure, after a period of 45 days for a responsible disclosure Credits: Security vulnerability found by Micha Borrmann of the SySS GmbH. Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS web site (https://www.syss.de/aktuelles/advisories/advisory-ftp-rush/) Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top