Is CoreSSH Server Impacted by the Watchtowr Vulnerability?
Question:
Is CoreSSH Server impacted by the Watchtowr Vulnerability (CVE-2024-5806)? For further details, please read the official NIST CVE notice.
Answer:
After a thorough review, our developers determined CoreSSH Server is not affected by this vulnerability in any way. The vulnerability describes behavior that is possible while using the SFTPServer component of IPWorks SSH (.NET Edition), where unintended file access or network path requests may be made without the user's knowledge.
The problem is described in a Watchtowr article and occurs only in the narrow conditions of a test lab. The test code used by those researchers did not follow the standard secure development practices recommended by /n software developers, specifically handling the OnSSHUserAuthentication event and verifying the user's identity before proceeding. Our code handles this event and follows industry best practices for authentication.
We appreciate your feedback. If you have any questions, comments, or suggestions about this article, please contact our support team at support@nsoftware.com.