Filter by Category

GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

goanywhere MFT already prevents EFAIL vulnerabilities

Ashland, NE, May 16, 2018

In light of the recent Open PGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure customers and their encrypted emails are not affected by this vulnerability. The review was positive and demonstrates that GoAnywhere MFT is already protected from EFAIL.

The EFAIL warning identifies a weakness with encrypted emails and how secure content can be exfiltrated. The weakness can be further exploited by using the CBC/CFB gadget attack on Open PGP encrypted MIME parts. An attacker may intercept and alter an encrypted email and add specially crafted HTML MIME parts, which causes vulnerable email clients to send decrypted data to an external party.

While GoAnywhere MFT can process Open PGP encrypted files, it does not support Open PGP encrypted emails. GoAnywhere is not affected by the CBC/CFB gadget attack on Open PGP and S/MIME. Instead, the software uses standard SSL/TLS to decrypt email messages. When messages are retrieved from a mail server, GoAnywhere maintains a separation between MIME parts, writing each part to their own unique file.

Additionally, the software does not evaluate or render HTML emails, mitigating the risk of a direct exfiltration attack.

The GoAnywhere team is dedicated to the continued stability and security of its products. Further security reviews will be performed as new information is published.

Latest Posts


Canadian Data Privacy Laws: An Overview

May 13, 2021

Complying with Canada’s data privacy laws is easier with a secure, auditable, and encrypted file transfer solution, such as GoAnywhere MFT.


8 Reasons to Implement an MFT Security Solution

May 11, 2021

Looking for a secure file transfer solution? Discover what makes managed file transfer (MFT) your best bet.


What is World Password Day?

May 6, 2021

Every year on the first Thursday of May, World Password Day is recognized. Let this day serve as a reminder to keep your sensitive data secure with the help of strong passwords.


What is Drummond Certification?

May 5, 2021

Certifying a file transfer solution for Drummond certification is an intensive process resulting in more assurance that MFT software supporting AS4 or AS2 is secure and interoperable.


PGP vs. Open PGP: What’s the Difference?

May 4, 2021

There are many methods of encrypting data. Two prominent methods of doing so are PGP and OpenPGP. That’s what we’ll be breaking down.