Filter by Category

GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

goanywhere MFT already prevents EFAIL vulnerabilities

Ashland, NE, May 16, 2018 

In light of the recent OpenPGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure customers and their encrypted emails are not affected by this vulnerability. The review was positive and demonstrates that GoAnywhere MFT is already protected from EFAIL.

The EFAIL warning identifies a weakness with encrypted emails and how secure content can be exfiltrated. The weakness can be further exploited by using the CBC/CFB gadget attack on OpenPGP encrypted MIME parts. An attacker may intercept and alter an encrypted email and add specially crafted HTML MIME parts, which causes vulnerable email clients to send decrypted data to an external party.

While GoAnywhere MFT can process OpenPGP encrypted files, it does not support OpenPGP encrypted emails. GoAnywhere is not affected by the CBC/CFB gadget attack on OpenPGP and S/MIME. Instead, the software uses standard SSL/TLS to decrypt email messages. When messages are retrieved from a mail server, GoAnywhere maintains a separation between MIME parts, writing each part to their own unique file.

Additionally, the software does not evaluate or render HTML emails, mitigating the risk of a direct exfiltration attack.

The GoAnywhere team is dedicated to the continued stability and security of its products. Further security reviews will be performed as new information is published.

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Red Hat Summit 2018 and Managed File Transfer Recap

May 21, 2018

Last week marked the first year for GoAnywhere as an exhibitor at Red Hat Summit in San Francisco. The three-day conference was a whirlwind of activity, great conversations, and opportunities to…


3 Reasons to Attend VMUG's June 7 Virtual Event

May 17, 2018

Whether you’re already using VMware to manage multiple virtual machines in one console, or you’re just getting started with datacenter virtualization, staying on top of trends, changes,…


GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

May 16, 2018

Ashland, NE, May 16, 2018  In light of the recent OpenPGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure…


Need Help with GDPR Compliance? 3 Simple Steps to Take Now

May 14, 2018

Do you need help preparing for the General Data Protection Regulation (GDPR) deadline on May 25, 2018? If you’re like 67% of IT and security professionals we recently surveyed, you may be well…


3 Cybersecurity Takeaways from RSA Conference 2018

May 8, 2018

The speed and intensity of cyberattacks are growing, and cyber siege is no joke. But the 45,000+ attendees who attended this year’s RSA Conference in San Francisco proved the force of…