Citrix Announces ShareFile Storage Zone Controller Vulnerability

By Richard Charlton
Senior Systems Engineer

Citrix recently announced that file encryption may have been mistakenly disabled after running the CTX269106 mitigation tool. This vulnerability (CVE-2021-22932) potentially allows for the clear text storage of data that should be encrypted.

All customers running an on-premises version of ShareFile are advised to review their configuration to check if IsEncryptionNeeded is set to True by viewing the EncryptionServiceSettings file in the StorageLocation.

If the configuration is affected, customers are advised to upgrade to Storage Zone Controller version 5.11.19 as soon as possible. After the upgrade, customers should then open the ShareFile Configuration Page and select the option to Encrypt Files when prompted so that a background encryption can be scheduled.

Further details regarding the vulnerability may be found at https://support.citrix.com/article/CTX322787 and Helient engineers are available to discuss and assist with remediation.

If you would like more information or assistance from our industry leading team of Citrix experts, please contact us at service@helient.com.