In late September, a team at Google discovered a serious vulnerability in SSL 3.0, known as “POODLE”.
By exploiting this vulnerability, an attacker can gain access to data send over what is supposed to be a secured connection.
SFTPPlus Server and Client are affected by SSLv3 …
SFTPPlus uses OpenSSL only for FTPS protocol. SFTP protocol is not affected by this bug.
On Unix and Linux, SFTPPlus software use the OpenSSL library provided by the operating system. Unix and Linux operating system supported by SFTPPlus (RHEL 4, RHEL5, RHEL6, SLES 11, AIX 5.3) are not affected …
Monday, 22 April 2013 - we have discovered a security vulnerability affecting SFTPPlus Server version 1.6, 1.7 and 1.8.
Due to an error in checking the SSH key signature, when SSH key authentication is used for a SFTP transfer, a user can obtain server access by using only …
Last week a bug was discovered in all OpenSSL version. This bug can cause various security issues.
More information about the original vulnerability report for OpenSSL can be found from National Cyber Awareness System
A fix was already provided by the OpenSSL team as of 24 of April 2012.
Please …
