Remove UTM SSO reliance on insecure SMB 1.0
We disabled SMB 1.0 on our domain for security reasons, and the UTM SSO stopped working.
Apparently the UTM relies on SMB 1.0 and plain text for SSO!
This needs fixing ASAP and support for SMB 2+ enabling.

13 comments
-
Ethan commented
When will the "next" maintenance release of UTM 9 with this added get released?
-
Tony commented
There have now been multiple releases since June 30th, yet this doesn't seem to have been finished?
-
Ed commented
There's a new SMBv1 exploit now. *sigh*
-
Neil Williams commented
Do you have an ETA on this fix?
-
Chris Doig commented
This is going to be problematic...
https://threatpost.com/say-goodbye-to-smbv1-in-windows-fall-creators-update/126387/ -
Chris Pavey commented
It's unacceptable that our security appliance still uses SMBv1.
-
CakeWalker commented
Yes, Fix please
-
Anonymous commented
just discovered this after disablilng SMB1 due to the Wannacry outbreak. Come on Sophos. There is SMB v2 and SMB v3 that you can configure support for!
-
Fuq'inPissd commented
No wonder why the NHS got hacked using Sophos Firewall's. Cant believe our company went with these posers.
-
sbardosi commented
Holy cow! This needs an immediate Fix!!!
-
Christian commented
Incredible that SMBv1 is still in use, even more so from a company that sells security appliances!
-
Jason Walker commented
Seriously, this needs fixed.
-
John Paul commented
Defiantly !