Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

2016-04-22

WinSCP does not support SSL 2.0 since version 4.3. So I believe it makes it immune to the DROWN.
Though the vulnerability is not described in detail from a client point of view.

SomeGuyInSecurity

WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

2016-04-22 19:49

Is WinSCP 5.7.6 which uses OpenSSL 1.0.1p Susceptible to the DROWN Vulnerability called out in CVE-2016-0800?

https://www.cve.org/CVERecord?id=CVE-2016-0800
https://openssl-library.org/news/secadv/20160301.txt
https://openssl-library.org/news/vulnerabilities/

Post a reply

Topic review

Re: WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

Documentation

Support

Associations

Follow Us