Recently I began using the iDrive cloud backup service, using their Windows client.
Being who I am, I sniffed around and found that during the backup the Windows app is backing up files to the service server using SSL 2.0, which is considered not secure.
See a Wireshark screenshot below.
Log of events trying to get iDrive's response to this issue:
2-Dec-2019 – I sent an email to their support asking about this problem. I immediately received an auto-reply email with a support case ID number.
7-Dec-2019 – Since I didn’t get any human reply, I sent another email asking for a reply, using the relevant case ID.
9-Dec-2019 – I got a reply that my case was filed under a case ID for all the past enhancement requests I sent before.
Right after receiving this email I replied that this is not an enhancement request but a vulnerability to take care of, and that I wish a security employee would contact me.
That’s it. Nothing since then. It’s time to go public.
To their credit I must note that they claim their app encrypts the data before it is sent over the network (I didn’t check this part. Yet…).
Still, I believe every layer should be secured correctly.
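
When reviewing a capture like the one mentioned above, the record format of the ClientHello alone does not say which protocol version the client offers, so it is worth checking the version field and the cipher specs as well. The following is an added example, not part of the original post or of iDrive's software; the function names are hypothetical and the sample bytes are constructed, not taken from the client's traffic.

```python
import struct

VERSIONS = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def classify_client_hello(data: bytes) -> dict:
    """Classify the first bytes a client sends on a connection (from a capture)."""
    result = {"format": "unknown", "offered": None, "ssl2_ciphers": 0}
    if len(data) < 11:
        return result
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        # SSL 3.0/TLS record: type(1) version(2) length(2), then the handshake
        # header type(1) length(3) followed by the 2-byte client_version.
        (offered,) = struct.unpack_from("!H", data, 9)
        result.update(format="tls-record", offered=VERSIONS.get(offered, hex(offered)))
    elif data[0] & 0x80 and data[2] == 0x01:
        # SSL 2.0 record with 2-byte header (high bit set), CLIENT-HELLO (type 1).
        offered, spec_len = struct.unpack_from("!HH", data, 3)
        specs = data[11:11 + spec_len]
        # Cipher specs are 3 bytes each. Native SSL 2.0 ciphers have a non-zero
        # first byte; SSL 3.0/TLS suites are carried as 0x00 plus the 2-byte id.
        native = sum(1 for i in range(0, len(specs) - 2, 3) if specs[i] != 0)
        result.update(format="sslv2-record", ssl2_ciphers=native,
                      offered=VERSIONS.get(offered, hex(offered)))
    return result


def ssl2_can_be_negotiated(data: bytes) -> bool:
    """True only if the hello offers at least one native SSL 2.0 cipher."""
    return classify_client_hello(data)["ssl2_ciphers"] > 0


# Constructed sample hellos (assumed values for illustration only).
CHALLENGE = bytes(range(16))
V2_COMPAT_TLS10 = bytes.fromhex("801f01030100060000001000002f000005") + CHALLENGE
TRUE_SSL2 = bytes.fromhex("801f0100020006000000100100800700c0") + CHALLENGE
TLS12_RECORD = (bytes.fromhex("160301002f0100002b0303") + bytes(32)
                + bytes.fromhex("000002002f01000000"))

if __name__ == "__main__":
    for name, raw in [("v2-format, TLS 1.0", V2_COMPAT_TLS10),
                      ("true SSL 2.0", TRUE_SSL2), ("TLS record", TLS12_RECORD)]:
        print(name, classify_client_hello(raw), ssl2_can_be_negotiated(raw))
```

A hello reported as `sslv2-record` with `offered` above SSL 2.0 and zero native ciphers is the backward-compatible hello format rather than an offer to speak SSL 2.0; a hello with native SSL 2.0 ciphers is the case that needs fixing on the client.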