1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA30822

JSCAPE Secure FTP Applet Host Key Verification Security Issue

Report ID: SA30822
Source: Secunia
Date of Discovery: 23.06.2008
Criticality: Low
Affects:
JSCAPE Secure FTP Applet 4.x
Compromise From: From remote
Compromise Type: Spoofing

Summary

A security issue in JSCAPE Secure FTP Applet, which can be exploited by malicious people to conduct spoofing attacks.

Detailed Description

A security issue in JSCAPE Secure FTP Applet, which can be exploited by malicious people to conduct spoofing attacks.

The problem is that the certificate presented by a server at the beginning of a secure session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack.

The security issue is reported in versions prior to 4.9.0.

Solution

Update to version 4.9.0.