WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

Reply to topic
Log in

SomeGuyInSecurity Guest

WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

2016-04-22 19:49

Is WinSCP 5.7.6 which uses OpenSSL 1.0.1p Susceptible to the DROWN Vulnerability called out in CVE-2016-0800?

https://www.cve.org/CVERecord?id=CVE-2016-0800
https://openssl-library.org/news/secadv/20160301.txt
https://openssl-library.org/news/vulnerabilities/

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,518
Location:: Prague, Czechia

Re: WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

2016-04-22

WinSCP does not support SSL 2.0 since version 4.3. So I believe it makes it immune to the DROWN.
Though the vulnerability is not described in detail from a client point of view.

Reply with quote

Reply to topic
Log in

You can post new topics in this forum

WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

Re: WinSCP 5.7.6/OpenSSL 1.0.1p Susceptible to DROWN???? CVE-2016-0800

Documentation

Support

Associations

Follow Us