Topic "WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800"

Author Message
SomeGuyInSecurity

Guest


Is WinSCP 5.7.6 which uses OpenSSL 1.0.1p Susceptible to the DROWN Vulnerability called out in CVE-2016-0800?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
https://www.openssl.org/news/secadv/20160301.txt
https://www.openssl.org/news/vulnerabilities.html
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24995
Location: Prague, Czechia
WinSCP does not support SSL 2.0 since version 4.3. So I believe it makes it immune to the DROWN.
Though the vulnerability is not described in detail from a client point of view.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License