Posted: April 22, 2014
This information applies only to VShell FTPS versions. VShell (SSH2/SFTP), regardless of platform and version, is not affected by the Heartbleed vulnerability because it does not provide FTPS connectivity.
VShell FTPS for Windows has never used OpenSSL. VShell FTPS for Windows is not affected by the Heartbleed vulnerability.
VShell FTPS for supported UNIX platforms uses OpenSSL for FTPS protocol support. Depending on the platform, VShell FTPS for UNIX may or may not be vulnerable to the Heartbleed vulnerability:
In addition to upgrading VShell or OpenSSL on vulnerable systems, it is recommended that any SSL certificates, including associated private keys, used by VShell FTPS be replaced and user passwords should be changed.
|Operating System||OpenSSL Version||Linked||Vulnerable?||Action|
|Ubuntu, RHEL, AIX||1.0.1||Dynamic||Possible||Upgrade OpenSSL on OS to a non-vulnerable version|
|Mac OS X||1.0.1||Static |
(VShell 4.0.0 & 4.0.1 only)
|Yes||Upgrade to VShell 4.0.2 or later|
CERT published an advisory on this vulnerability on April 7, 2014.
CODENOMICON published an advisory on this vulnerability on April 15, 2014.
Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.