Filter by Category

GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

goanywhere MFT already prevents EFAIL vulnerabilities

Ashland, NE, May 16, 2018 

In light of the recent Open PGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure customers and their encrypted emails are not affected by this vulnerability. The review was positive and demonstrates that GoAnywhere MFT is already protected from EFAIL.

The EFAIL warning identifies a weakness with encrypted emails and how secure content can be exfiltrated. The weakness can be further exploited by using the CBC/CFB gadget attack on Open PGP encrypted MIME parts. An attacker may intercept and alter an encrypted email and add specially crafted HTML MIME parts, which causes vulnerable email clients to send decrypted data to an external party.

While GoAnywhere MFT can process Open PGP encrypted files, it does not support Open PGP encrypted emails. GoAnywhere is not affected by the CBC/CFB gadget attack on Open PGP and S/MIME. Instead, the software uses standard SSL/TLS to decrypt email messages. When messages are retrieved from a mail server, GoAnywhere maintains a separation between MIME parts, writing each part to their own unique file.

Additionally, the software does not evaluate or render HTML emails, mitigating the risk of a direct exfiltration attack.

The GoAnywhere team is dedicated to the continued stability and security of its products. Further security reviews will be performed as new information is published.

Latest Posts


Which is Faster: FTPS or SFTP?

September 16, 2019

FTPS vs. SFTP You may have heard of FTPS and SFTP, but chances are that you may not be super familiar with them. If you haven’t had a chance to dive in deep, read on for a more in-depth look into…


What is EDIFACT?

August 28, 2019

What is EDIFACT? You may have heard of EDIFACT in the past, but chances are it might be a new concept to you and your organization. EDIFACT, which stands for Electronic Data Interchange for…


What is Operation Yellowhammer and How Does it Affect Data Transfers?

August 27, 2019

What is Operation Yellowhammer? If you are located in the United Kingdom (UK), then you may already be familiar with Operation Yellowhammer and its relationship to Brexit and the European Union…


Meeting IT Security and Compliance Requirements with GoAnywhere MFT

August 22, 2019

Meet your IT and compliance requirements easily with GoAnywhere MFT. GoAnywhere helps organizations and IT professionals comply with an array of strict regulations, methods, and technologies. To…