Filter by Category

GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

goanywhere MFT already prevents EFAIL vulnerabilities

Ashland, NE, May 16, 2018 

In light of the recent Open PGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure customers and their encrypted emails are not affected by this vulnerability. The review was positive and demonstrates that GoAnywhere MFT is already protected from EFAIL.

The EFAIL warning identifies a weakness with encrypted emails and how secure content can be exfiltrated. The weakness can be further exploited by using the CBC/CFB gadget attack on Open PGP encrypted MIME parts. An attacker may intercept and alter an encrypted email and add specially crafted HTML MIME parts, which causes vulnerable email clients to send decrypted data to an external party.

While GoAnywhere MFT can process Open PGP encrypted files, it does not support Open PGP encrypted emails. GoAnywhere is not affected by the CBC/CFB gadget attack on Open PGP and S/MIME. Instead, the software uses standard SSL/TLS to decrypt email messages. When messages are retrieved from a mail server, GoAnywhere maintains a separation between MIME parts, writing each part to their own unique file.

Additionally, the software does not evaluate or render HTML emails, mitigating the risk of a direct exfiltration attack.

The GoAnywhere team is dedicated to the continued stability and security of its products. Further security reviews will be performed as new information is published.

Latest Posts


How SFTP Works

June 13, 2019

How does SFTP work?When you need to secure server-to-server file transfers between yourself, your trading partners, and enterprise servers, SFTP (which stands for SSH File Transfer Protocol or Secure…


Centralize Your EDI X12 File Translation with GoAnywhere MFT

June 3, 2019

GoAnywhere recently released a new version of its award-winning managed file transfer solution, GoAnywhere MFT. Version 6.1 includes support for electronic data interchange (EDI) X12 standards, as…


Why 2019 is the Year to Invest in Secure File Transfer

May 30, 2019

Are You in the Business of Securing Your Data? Securing your data may sound like a simple concept, but in reality, it is no easy feat. Keeping your sensitive data secure is key for keeping your…


How to Think like a Hacker and Secure Your Data [Webinar Recap]

May 23, 2019

There’s no denying that data breach incidents are becoming more common each and every day. Organizations continue to work tirelessly to combat looming threats with the latest cybersecurity best…