by Patrick Mills | Jun 13, 2022 | FTP Logs, FTP Server Administration, FTP Server Security
As part of our continuous effort to pursue security best practices, Cerberus FTP Server now issues a security warning when a RSA public key uses a weak, FIPS-invalid exponent. Once Cerberus moves to OpenSSL 3, if you have FIPS enabled and you have SFTP users with RSA... by Paul Harada | Jun 13, 2022 | FTP Server Administration, FTP Server Security
Cerberus FTP is pleased to announce an update to our file extension management: the ability to set an allowed extension list! This feature allows administrators to restrict all file uploads except those with specific extensions. About the New Feature Cerberus FTP... by Vincent Drake | Jun 1, 2022 | FTP Server Administration, FTP Server Security
Critical Security Advisory A critical security issue has been identified in Cerberus FTP Server. We urge customers to download version 12.7.4 and upgrade as soon as possible. Scope All editions (Enterprise, Professional, Standard) of Cerberus FTP Server are... by Patrick Mills | May 9, 2022 | FTP Server Administration, FTP Server Security, New Release
As part of our continuous effort to pursue security best practices, Cerberus FTP Server now issues a security warning when FTP and FTPS listeners do not enforce session reuse. Once upgraded to version 12.7, running Cerberus FTP Server with FTP or FTPS listeners that... by Vincent Drake | May 9, 2022 | FTP Server Administration, New Release, Web Client
Cerberus FTP Server 12.7 now supports “Forgot your password?” password reset for accounts with Two Factor Authentication (2FA) enabled. What’s Changing? Prior to 12.7, accounts with 2FA enabled were simply not allowed to use the “forgotten password” reset. Following... by Paul Harada | May 9, 2022 | FTP Server Administration, FTP Server Security, New Release, Web Client
New in Cerberus FTP Server 12.7 Enterprise Edition is a tightening of security settings in the Web Administration and Web Client features. As part of our increased focus on security best practices, this change reduces cross-site scripting attack surfaces by... by Vincent Drake | Mar 6, 2024 | FTP Server Administration, FTP Server Security, Windows Server
As part of our continuous effort to pursue best practices with IT credentials, Cerberus FTP Server now issues a security warning when running with LocalSystem service credentials. Following the above change, once upgrading to version 12.6, customers will encounter a... by Vincent Drake | Mar 28, 2022 | FTP Server Administration, Informational, New Release, News
This feature allows administrators to acknowledge system messages, hiding them from the System Messages list. About System Message Acknowledgment The Cerberus FTP Server System Messages area is where the server communicates potential security issues to system... by Grant Averett | Mar 7, 2024 | FTP Basics, FTP Server Security
Introduction to Secure File Transfer Protocols Are you curious about which protocols your FTP Server should support? With so many protocols available and so many opinions on the Internet, this can be a difficult decision to make. We have compiled an easy-to-understand... by Vincent Drake | Jan 18, 2022 | FTP Server Administration, FTP Server Security
Summary In previous versions of Cerberus FTP Server, SSH and SSL/TLS keys were managed jointly. This meant that expiration of SSL/TLS certificates would require renewal of SSH keys. In effort to improve usability and security, we are separating the management of SSH... by Grant Averett | Dec 30, 2021 | FTP Server Security, Informational, News
Cerberus is not and cannot be affected by the log4j 0-day vulnerability described by CVE-2021-44228. Cerberus FTP Server does not use the vulnerable Java log4j library, but a similar C++ rewrite called Log4cxx. The Log4cxx library is patterned... by Paul Harada | Oct 26, 2021 | FTP Server Administration, Informational, News, Reporting
What’s New We are excited to bring administrators a brand new report to display access to your Cerberus FTP folders. Together with the recent addition of secondary group memberships and AD & LDAP reporting features, this report combines and displays all users... by Vincent Drake | Jun 14, 2022 | FTP Server Administration, FTP Server Security, News
Cerberus FTP Server version 12.3.0 includes some significant changes to the installer. These changes have to do with setting the Cerberus FTP Server service credentials. What are Service Credentials? Every process has a Windows identity which determines what files,... by Grant Averett | Sep 3, 2021 | FTP Server Administration, Informational, News, Reporting
What’s New We’ve added four major new account management and reporting features in Cerberus FTP Server 12.2: Showing group membership from Active Directory (AD) group to Cerberus group mappings for AD usersNative Cerberus users now have secondary groups to allow... by Patrick Mills | Sep 3, 2021 | FTP Server Security, News
Security Advisory Description Cerberus FTP Server versions prior to 12.2.0 and 11.3.10 are vulnerable to a SSL/TLS Triple Handshake attack. In a previous blog post, we discussed functionality to limit vulnerabilities due to renegotiation attacks. miTLS describe the... by Paul Harada | Sep 3, 2021 | FTP Logs, FTP Server Administration, News, Regulatory Compliance
Enterprise users of Cerberus FTP Server have frequently requested an integrated way to clean their reporting database. A new feature for 12.2 allows administrators to remove old audit & file records. Accessible from the database configuration page, administrators... by Paul Harada | Sep 3, 2021 | FTP Server Security, News, Web Client
Security Advisory Description During a security audit, we determined that Cerberus FTP Server Enterprise versions prior to 12.2 and 11.3.10 are vulnerable to a cross-site scripting (XSS) attack. This vulnerability is located in the preview lightbox plugin... by Patrick Mills | Jul 20, 2021 | Automation, FTP Server Administration, Informational, News
Building on the “Send a File” file feature introduced in 11.2, we’ve added another highly requested action for the Transfer File Target that allows retrieving a file from another server via SFTP, FTP, FTPS, or HTTP/S GET in Cerberus FTP Server 12.1 Enterprise. With... by Patrick Mills | Jul 20, 2021 | FTP Server Security, News
Security Advisory Description Cerberus FTP Server versions prior to 12.1 and 11.3.9 are vulnerable to a SSL Renegotiation Denial of Service attack. This vulnerability is a form of CVE-2011-1473 which abuses the normal TLS/SSL connection process to create excessive CPU... by Vincent Drake | Jun 9, 2021 | FTP Server Administration, Informational, News, Uncategorized
There have been a few changes to the Cerberus SOAP API with version 12.0 that developers should be aware of. As always, we strive to keep the API backward-compatible, but it is not always possible as new functionality is added to Cerberus FTP Server. Public Share...