Filter by Category

GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

goanywhere MFT already prevents EFAIL vulnerabilities

Ashland, NE, May 16, 2018 

In light of the recent OpenPGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure customers and their encrypted emails are not affected by this vulnerability. The review was positive and demonstrates that GoAnywhere MFT is already protected from EFAIL.

The EFAIL warning identifies a weakness with encrypted emails and how secure content can be exfiltrated. The weakness can be further exploited by using the CBC/CFB gadget attack on OpenPGP encrypted MIME parts. An attacker may intercept and alter an encrypted email and add specially crafted HTML MIME parts, which causes vulnerable email clients to send decrypted data to an external party.

While GoAnywhere MFT can process OpenPGP encrypted files, it does not support OpenPGP encrypted emails. GoAnywhere is not affected by the CBC/CFB gadget attack on OpenPGP and S/MIME. Instead, the software uses standard SSL/TLS to decrypt email messages. When messages are retrieved from a mail server, GoAnywhere maintains a separation between MIME parts, writing each part to their own unique file.

Additionally, the software does not evaluate or render HTML emails, mitigating the risk of a direct exfiltration attack.

The GoAnywhere team is dedicated to the continued stability and security of its products. Further security reviews will be performed as new information is published.

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Which is Better: Free SFTP Software vs. Enterprise-Level SFTP Software?

February 14, 2019

Free SFTP Software vs. Enterprise-Level SFTP Software In general, people like free things. Beverages, company lunches, swag at tradeshows and conferences, t-shirts and socks, those intriguing items…


What is Secure File Transfer?

February 5, 2019

Moving sensitive, often-proprietary files from one person—or organization—to another has become a complex aspect of the business world today. This complexity comes not only from the size…


9 Ways to Use GoAnywhere’s Cloud Connector Integrations

January 29, 2019

There are many benefits to having a managed file transfer solution that supports built-in cloud integrations. From trading important files with business partners in Dropbox to automatically updating…


Why You Should Incorporate Managed File Transfer into Your Cybersecurity Strategy

January 21, 2019

Managed File Transfer: A New Cybersecurity Strategy for Sensitive Files Earlier this month, independent news platform Patch reported that Neiman Marcus, a department store chain in the US, has…


10 Ways to Achieve File Transfer Automation with GoAnywhere MFT

January 14, 2019

Here’s a fun fact: When it comes to streamlining file transfer processes, automation is the supporting sidekick to any IT or cybersecurity professional. Like Robin supports Batman…