Showing results for 
Search instead for 
Did you mean: 
Create Post

SCP Server Vulnerability

I have a team in the process of testing the SCP Server software and they have found a vulnerability that prevents us from using it on the government network. Is there any way it can be fixed so that we are able to use the software? Any guidance on this would be greatly appreciated.

Since the openssl component are compiled .dll files either the vendor would need to update and recompile openssl to provide the newer .dll files.  The openssl project doesn't provide any windows .dlls for someone to manually download/update so it couldn't be mitigated without vendor assistance.

c:\program files (x86)\solarwinds\sftp & scp server\libeay32.dll

7/24/2020 9:21:00 am 1.0.1e OpenSSL Shared Library

c:\program files (x86)\solarwinds\sftp & scp server\ssleay32.dll

7/24/2020 9:21:00 am 1.0.1e OpenSSL Shared Library

0 Kudos
0 Replies