Passive SSH Key Compromise (RSA) · SFTP Gateway Support

Overview

A security advisory applies to recent versions of SFTP Gateway. A vulnerability in a dependency library exposes a way to guess the server host private key, when RSA is used.

We recommend that you take the following actions below.

Check your version of SFTP Gateway

This vulnerability affects SFTP Gateway versions (3.0.0 through 3.4.4).

You can check the version of SFTP Gateway by scrolling to the footer of the web admin portal.

Alternatively, you can SSH into the VM and list the files in /opt/sftpgw/ which show the version in the file names.

Perform an in-place upgrade to version 3.4.5

The easiest way to upgrade would be to use our in-place upgrade script.

Note: you must already be on SFTP Gateway version 3 in order to perform an in-place upgrade.

Migrate to version 3.4.5

The safest way to upgrade is to perform a migration.

This involves exporting a backup of your existing server, and importing the backup into a new instance of v3.4.5. Finally, perform an IP or DNS cutover to the new server.

How the vulnerability works

If an attacker is able to collect enough network traffic, he could potentially guess the server host private key, when RSA is used. He could then try to impersonate the server in a man-in-the-middle (MITM) attack.

When the server host key signature is calculated, RSA uses a shortcut algorithm that sometimes produces errors. A passive observer can spot these errors and make educated guesses to figure out the private key.

This vulnerability only applies to RSA. Other algorithms like ed25519 are not affected.

Contact Support

If you run into any issues, you can reach out to us via email at support@thorntech.com.