Posted: April 22, 2014
This information applies only to VShell FTPS versions. VShell (SSH2/SFTP), regardless of platform and version, is not affected by the Heartbleed vulnerability because it does not provide FTPS connectivity.
VShell FTPS for Windows has never used OpenSSL. VShell FTPS for Windows is not affected by the Heartbleed vulnerability.
VShell FTPS for supported UNIX platforms uses OpenSSL for FTPS protocol support. Depending on the platform, VShell FTPS for UNIX may or may not be vulnerable to the Heartbleed vulnerability:
In addition to upgrading VShell or OpenSSL on vulnerable systems, it is recommended that any SSL certificates, including associated private keys, used by VShell FTPS be replaced and user passwords should be changed.
|Operating System||OpenSSL Version||Linked||Vulnerable?||Action|
|Ubuntu, RHEL, AIX||1.0.1||Dynamic||Possible||Upgrade OpenSSL on OS to a non-vulnerable version|
|Mac OS X||1.0.1||Static |
(VShell 4.0.0 & 4.0.1 only)
|Yes||Upgrade to VShell 4.0.2 or later|
CERT published an advisory on this vulnerability on April 7, 2014.
CODENOMICON published an advisory on this vulnerability on April 15, 2014.