Vulnerability Overview
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed): the fingerprint of an accepted certificate is stored as a SHA-1 digest, although SHA-1 is considered weak and should be replaced with SHA-256 or SHA-512.
- Identifier : SBA-ADV-20250325-02
- Type of Vulnerability : CWE-328: Use of Weak Hash
- Software/Product Name : Cyberduck and Mountain Duck
- Vendor : iterate GmbH
- Affected Versions : Cyberduck <= 9.1.6 and Mountain Duck <= 4.17.5
- Fixed in Version : Cyberduck 9.1.7 and Mountain Duck 4.17.6
- CVE ID : CVE-2025-41256
- GHSA : GHSA-688c-vjrc-84rv
- CVSS Vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- CVSS Base Score : 7.4 (High)
Vendor Description
Cyberduck is a libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox.
Source: https://cyberduck.io/
Mountain Duck lets you mount server and cloud storage as a disk in Finder on macOS and the File Explorer on Windows. Open remote files with any application and work like on a local volume.
Source: https://mountainduck.io/
Impact
As only the SHA-1 fingerprint of the certificate is stored and SHA-1 is considered weak, an attacker could provoke a hash collision and thus perform a machine-in-the-middle attack on the TLS encrypted connection, resulting in a total loss of confidentiality and integrity of the connection. This requires the attacker to present a certificate whose SHA-1 fingerprint matches the pinned one (chosen-prefix collisions against SHA-1 have been demonstrated in practice), which is consistent with the High attack complexity in the CVSS vector.
Vulnerability Description
When permanently accepting an unknown TLS certificate for a specified service, Cyberduck and Mountain Duck store the certificate fingerprint in their own configuration file as a <host>.certificate.accept setting. The certificate fingerprint is stored as SHA-1, which is considered weak.
Proof of Concept
- Set up a TLS encrypted WebDAV server that uses a self-signed certificate (in this case at the IP address 10.42.42.1).
- Create a new connection to the server in Cyberduck or Mountain Duck.
- A certificate error is shown, since the self-signed certificate is not trusted. To always trust this certificate for this connection, Always Trust must be checked before clicking Continue.
- Afterwards a dialog shows up asking whether to install the certificate. Clicking No cancels the mounting process, therefore clicking Yes is required to continue.
- Now the fingerprint of the certificate is stored in the configuration file of the application:
Cyberduck (C:\Users\<USER>\AppData\Roaming\Cyberduck\Cyberduck.user.config):
<?xml version="1.0" encoding="utf-8"?><configuration><userSettings><Ch.Cyberduck.Properties.SharedSettings><setting name="Migrate" serializeAs="String"><value>False</value></setting><setting name="CdSettings" serializeAs="Xml"><value>
<settings>
[...]
<setting name="10.42.42.1.certificate.accept" value="88B16586B9EDF0F3A49663306BC4553289252909" />
<setting name="bookmark.toggle.options" value="false" />
</settings></value></setting></Ch.Cyberduck.Properties.SharedSettings></userSettings></configuration>
Mountain Duck (C:\Users\<USER>\AppData\Roaming\Cyberduck\Mountain Duck.user.config):
<?xml version="1.0" encoding="utf-8"?><configuration><userSettings><Ch.Cyberduck.Properties.SharedSettings><setting name="Migrate" serializeAs="String"><value>False</value></setting><setting name="CdSettings" serializeAs="Xml"><value>
<settings>
<setting name="bookmark.9e30b689-b7c6-40e1-90f1-fb090f77713d" value="0" />
<setting name="session.9e30b689-b7c6-40e1-90f1-fb090f77713d" value="0" />
<setting name="update.check.guid" value="a5fa3efc-8647-4a85-8d49-962e6c4cac77" />
<setting name="10.42.42.1.certificate.accept" value="88B16586B9EDF0F3A49663306BC4553289252909" />
</settings></value></setting></Ch.Cyberduck.Properties.SharedSettings></userSettings></configuration>
The stored value is 40 hexadecimal characters, i.e. a 160-bit SHA-1 digest, although SHA-1 is considered weak. An attacker could provoke a hash collision and thus perform a machine-in-the-middle attack on the TLS encrypted connection, resulting in a total loss of confidentiality and integrity of the connection.
Recommended Countermeasures
We recommend updating to Cyberduck version 9.1.7 / Mountain Duck version 4.17.6 or later, which apply the following countermeasure.
When permanently accepting a TLS certificate for a specific service, the application should store the certificate fingerprint using a modern hashing algorithm, such as SHA-256 or SHA-512. Pins that were already stored as SHA-1 digests should not continue to be honoured on a SHA-1 match after the upgrade; the safe migration is to discard them and prompt the user to accept the certificate again.
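The following Python script is an added example, not code from the advisory or from iterate GmbH. It audits the inner <settings> fragment of a .user.config file (in the shape shown in the proof of concept above) for SHA-1 pins, and implements the hardened trust-on-first-use store the countermeasure calls for: pins are computed as SHA-256 over the certificate's DER encoding (assumed here, as certificate fingerprints conventionally are), compared in constant time, and any stored value that is not a SHA-256 digest is dropped so the user is prompted again. The certificate bytes, the config fragment and all function and class names are assumptions constructed for the example; only the setting name format and the SHA-1 value are taken from the page.

```python
"""Audit SHA-1 certificate pins and keep a SHA-256-only TOFU pin store.

Added example; not Cyberduck/Mountain Duck code. Assumes pins live in
<setting name="<host>.certificate.accept" value="<hex digest>"/> entries
(as shown in the advisory) and that the digest is taken over the
certificate's DER encoding.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Hex digest length -> hash algorithm. 40 hex chars is a 160-bit SHA-1 digest.
DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}
PIN_SUFFIX = ".certificate.accept"

# Constructed stand-in for a self-signed certificate's DER bytes (not a real cert).
CONSTRUCTED_CERT_DER = b"\x30\x82\x01\x00constructed-self-signed-cert-for-10.42.42.1"

# Constructed <settings> fragment; the SHA-1 value is the one from the advisory.
CONSTRUCTED_USER_CONFIG = """<settings>
<setting name="10.42.42.1.certificate.accept" value="88B16586B9EDF0F3A49663306BC4553289252909" />
<setting name="bookmark.toggle.options" value="false" />
</settings>"""


def fingerprint(cert_der, algorithm="sha256"):
    """Upper-case hex digest of the DER certificate, as stored in the config."""
    return hashlib.new(algorithm, cert_der).hexdigest().upper()


def iter_pins(settings_xml):
    """Yield (host, stored hex digest) for every *.certificate.accept setting."""
    for setting in ET.fromstring(settings_xml).iter("setting"):
        name = setting.get("name", "")
        if name.endswith(PIN_SUFFIX):
            yield name[: -len(PIN_SUFFIX)], setting.get("value", "").upper()


def audit_pins(settings_xml):
    """Map host -> hash algorithm inferred from the length of the stored digest."""
    return {host: DIGEST_BY_HEX_LEN.get(len(value), "unknown")
            for host, value in iter_pins(settings_xml)}


def weak_pins(settings_xml):
    """Hosts whose pin is a SHA-1 digest and must be re-accepted by the user."""
    return sorted(h for h, alg in audit_pins(settings_xml).items() if alg == "sha1")


class PinStore:
    """Trust-on-first-use store that only ever holds SHA-256 pins."""

    def __init__(self):
        self._pins = {}  # host -> SHA-256 hex digest

    def load(self, settings_xml):
        """Import SHA-256 pins from a config; return hosts dropped as weak/unknown."""
        dropped = []
        for host, value in iter_pins(settings_xml):
            if len(value) == 64:
                self._pins[host] = value
            else:
                dropped.append(host)  # legacy SHA-1 (or garbage): re-prompt the user
        return sorted(dropped)

    def accept(self, host, cert_der):
        """Pin the certificate the user just chose to always trust."""
        pin = fingerprint(cert_der, "sha256")
        self._pins[host] = pin
        return pin

    def is_trusted(self, host, cert_der):
        """True only if the presented certificate matches the SHA-256 pin."""
        stored = self._pins.get(host)
        if stored is None:
            return False
        # Constant-time comparison avoids leaking how many leading hex chars match.
        return hmac.compare_digest(stored, fingerprint(cert_der, "sha256"))

    def to_settings(self):
        """Serialize back into the <setting name=... value=.../> shape."""
        root = ET.Element("settings")
        for host, pin in sorted(self._pins.items()):
            ET.SubElement(root, "setting", name=host + PIN_SUFFIX, value=pin)
        return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("weak pins:", weak_pins(CONSTRUCTED_USER_CONFIG))
    store = PinStore()
    print("dropped on load:", store.load(CONSTRUCTED_USER_CONFIG))
    store.accept("10.42.42.1", CONSTRUCTED_CERT_DER)
    print("trusted:", store.is_trusted("10.42.42.1", CONSTRUCTED_CERT_DER))
    print(store.to_settings())
```

Run against a real Cyberduck.user.config by extracting the inner <settings> document from the CdSettings value; any host reported by weak_pins still trusts a certificate on the strength of a SHA-1 match and should be re-accepted after upgrading.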
Timeline
2025-03-25
Identified the vulnerability in Cyberduck version 9.1.3 and Mountain Duck version 4.17.3
2025-03-27
Initial contact attempt and disclosure of vulnerability to iterate GmbH via GitHub Security Advisory
2025-04-09
Vendor accepted this report
2025-06-20
Vendor created a private fork to address the problem
2025-06-23
Vendor merged the patch to main
2025-06-24
Vendor released Cyberduck 9.1.7 / Mountain Duck 4.17.6
2025-06-24
Public disclosure via GHSA
2025-06-25
SBA Research assigned CVE-2025-41256
2025-06-25
Public disclosure via CVE
References
Credits