Remove UTM SSO reliance on insecure SMB 1.0
We disabled SMB 1.0 on our domain for security reasons, and the UTM SSO stopped working.
Apparently the UTM relies on SMB 1.0 and plain text for SSO!
This needs fixing ASAP and support for SMB 2+ enabling.
When will the "next" maintenance release of UTM 9 with this added get released?
Tony Ayre commented
There have now been multiple releases since June 30th, yet this doesn't seem to have been finished?
There's a new SMBv1 exploit now. *sigh*
Neil Williams commented
Do you have an ETA on this fix?
Chris Doig commented
This is going to be problematic...
Chris Pavey commented
It's unacceptable that our security appliance still uses SMBv1.
Yes, Fix please
Just discovered this after disabling SMB1 due to the WannaCry outbreak. Come on Sophos. There is SMB v2 and SMB v3 that you can configure support for!
No wonder why the NHS got hacked using Sophos Firewalls. Can't believe our company went with these posers.
Holy cow! This needs an immediate Fix!!!
Incredible that SMBv1 is still in use, even more so from a company that sells security appliances!
Jason Walker commented
Seriously, this needs fixed.
John Paul commented