Witold Kepinski - 28 August 2023

Critical vulnerability in CrushFTP

A critical vulnerability has been discovered in CrushFTP, the Digital Trust Center (DTC) reports.


CrushFTP states that versions lower than 10.5.1 contain a critical vulnerability. The advice is to update to version 10.5.1 or higher. More information about the vulnerability and how to update CrushFTP can be found here.

REGARDING THE RECENT VULNERABILITY ANNOUNCEMENT AUGUST 10, 2023! (source)

If your CrushFTP version is less than 10.5.1, you are vulnerable. No exception. Look at your version number on the dashboard, and it must be 10.5.1 or higher to be safe. For reference, v6, v7, v8, v9... those numbers are less than v10.5.1. Yes, they are vulnerable! Anything below 10.5.1 is vulnerable.
The vulnerability CVE will be released soon. This vulnerability is critical because it does NOT require any authentication. It can be done anonymously and steal the session of other users and escalate to an administrator user. It's critical everyone updates ASAP!

Version 10.5.1_12

10.5.1 has an important security fix everyone needs to install ASAP!

New:
- released with important fixes for SMB3 library compatibility

Fixes:
- fixed missing thread names on PGP encrypt/decrypt streams
- fix for blocked thread on replication of prefs/users/jobs/reports/etc preventing future updates
- new pgp library to fix speed issues with pgp ascii armor
- fix for starting up job schedules when there are lots of jobs scheduled for the same minute
- fix for a rare scenario where a FILE item gets treated as a folder during a Copy task
- fix for job scheduler possibly skipping a minute when under extremely super high load
- fix for security issue awaiting disclosure. 10.5.0 and 10.5.1 are the same, just version bump for notifications. Credit Ryan Emmons
- performance improvement for many jobs running at the same time
- job scheduling fix for daily/weekly/monthly jobs skipping a day/month/week potentially
- updated SFTP libraries to fix private key loading issue for very old key formats using sshtools
- another fix for weekly job runs to calculate the correct next run time on new saves of a job
- fix for multi-segmented transfers and PGP instream changes
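The vendor's note stresses that v6 through v9 are all below 10.5.1, a comparison that goes wrong if version strings are compared as text ("9.3.0" sorts after "10.5.1"). The following inventory check is an added example, not code from CrushFTP or the article; it parses dashboard-style version strings, including the "_NN" build suffix seen in "10.5.1_12", into numeric tuples and flags anything below the fixed release.

```python
import re

# Fixed release named in the advisory: anything lower is affected.
FIXED_VERSION = "10.5.1"

# Constructed sample inventory (hostname -> version as shown on the dashboard).
SAMPLE_INVENTORY = {
    "ftp-legacy": "v9.3.0",
    "ftp-dmz": "10.4.2",
    "ftp-prod": "10.5.1_12",
    "ftp-new": "10.6.0",
}


def parse_version(text: str) -> tuple:
    """Parse a CrushFTP-style version string ('v9.3.0', '10.5.1_12') into a
    comparable tuple (major, minor, patch, build). A leading 'v' is ignored,
    missing components are treated as 0, and the '_NN' build suffix becomes
    the fourth element. Raises ValueError for anything that is not a version."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)(?:_(\d+))?\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad '11' to 11.0.0, '10.5' to 10.5.0
    build = int(m.group(2)) if m.group(2) else 0
    return (parts[0], parts[1], parts[2], build)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the given version is numerically below the fixed release.
    Numeric comparison avoids the text-sort trap where '9.3.0' > '10.5.1'."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory: dict) -> dict:
    """Return {host: True/False} marking which hosts still need the update."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, needs_update in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:10} "
              f"{'UPDATE REQUIRED' if needs_update else 'ok'}")
```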
