Fortra GoAnywhere MFT Vulnerability Allows Admin Access for Any User

A security vulnerability has been discovered in Fortra’s GoAnywhere managed file transfer (MFT) software that allows an unauthenticated remote attacker to create a new administrator account. The flaw, tracked as CVE-2024-0204 and rated critical (CVSS 9.8), is an authentication bypass affecting GoAnywhere MFT 6.x from 6.0.1 and 7.x prior to 7.4.1.

Fortra has fixed the issue in GoAnywhere MFT 7.4.1 and recommends upgrading to that version or later. Where an immediate upgrade is not possible, the vendor’s workaround is to delete the InitialAccountSetup.xhtml file from the installation directory and restart the services; in container deployments, replace the file with an empty file and restart instead. After either step, review the Admin Users group for accounts your own administrators did not create, since an instance that was exposed before patching may already carry an attacker-created admin user.

The discovery was first made public on social media by researchers Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants, who are credited with finding and reporting the flaw. Fortra notified customers in a private security advisory on December 4, 2023, and published the advisory on January 22, 2024.

This is not the first time GoAnywhere MFT has been targeted by malicious actors. In early 2023, the Russian-speaking digital extortion group Clop exploited a zero-day vulnerability in the software (CVE-2023-0669) to breach numerous high-profile organizations, including Rio Tinto, Hitachi Energy, Procter & Gamble and Munich RE.

The Clop incident was the beginning of a series of attacks on file transfer software, including the mass data exfiltration carried out through Progress Software’s MOVEit Transfer (CVE-2023-34362).

According to Zach Hanley, Chief Attack Engineer at Horizon3.ai, file transfer software has become a lucrative target for ransomware hackers due to the lack of monitoring for malicious traffic and the exposure of administrative interfaces to the open internet. Hanley described the exploit as taking advantage of a configuration error common in the Apache Tomcat runtime environment for Java, allowing attackers to force path traversal attacks by inserting special characters.

Acunetix, an application security testing firm, explained that the flaw occurs when developers combine Tomcat with a reverse proxy, allowing for path traversal. The attacker uses special characters to force GoAnywhere into calling the initial account setup wizard, bypassing a filter meant to stop the wizard from activating after the initial setup.

Hanley emphasized the complexity of the issue, stating that developers ideally should reject URLs containing those special characters before Tomcat processes them. In some cases, however, developers may not have control over inspecting the URLs because other frameworks sit earlier in the data flow.

He also described the issue as “really, really complicated,” indicating that addressing the vulnerability requires a deep understanding of the underlying technical complexities.
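As an added example (not code from the original article, from Fortra, Tomcat or Horizon3), the following Python models the class of bypass described above: a servlet container that strips `;`-delimited path parameters from each segment before normalising the path, a filter that applies its block rule to the raw request URI (the vulnerable pattern), a filter that canonicalises first and rejects path parameters and `..` segments outright (the hardened form), and a small scan of Tomcat-style access-log lines for the same pattern. The filter logic, the `SETUP_COMPLETE` flag, the request paths and the log lines are assumptions constructed for illustration, not GoAnywhere’s code or real traffic.

```python
"""Added example: how a raw-URI prefix filter in front of a Tomcat-hosted app
can be bypassed with ';' path parameters, and what a hardened filter does.
Not GoAnywhere, Tomcat or Horizon3 code; the filter logic and the sample data
below are assumptions for illustration only."""
import posixpath
import re
from urllib.parse import unquote

SETUP_COMPLETE = True  # assumed app state once the first-run wizard has finished


def strip_path_params(uri: str) -> str:
    """Tomcat-style path-parameter removal: each URI segment may carry
    ';name=value', which the container discards before servlet mapping,
    so '/images/..;/wizard/x' becomes '/images/../wizard/x'."""
    return "/".join(seg.split(";", 1)[0] for seg in uri.split("/"))


def canonical_path(uri: str) -> str:
    """The path the container ultimately maps to a servlet: percent-decode,
    drop path parameters, then collapse '.' and '..' segments."""
    path = posixpath.normpath(strip_path_params(unquote(uri)))
    return path if path.startswith("/") else "/" + path


def naive_filter_allows(raw_uri: str) -> bool:
    """Vulnerable pattern: the block rule is applied to the raw request URI.
    '/images/..;/wizard/...' does not start with '/wizard/', so it is allowed,
    yet the container serves the wizard after reducing '..;' to '..'."""
    if SETUP_COMPLETE and raw_uri.startswith("/wizard/"):
        return False
    return True


def hardened_filter_allows(raw_uri: str) -> bool:
    """Hardened filter: refuse path parameters, backslashes and '..' segments
    outright, then apply the block rule to the canonical path, not the raw one."""
    decoded = unquote(raw_uri)
    if ";" in decoded or "\\" in decoded:
        return False
    if any(seg == ".." for seg in decoded.split("/")):
        return False
    if SETUP_COMPLETE and canonical_path(raw_uri).startswith("/wizard/"):
        return False
    return True


def wizard_reached(raw_uri: str, filter_allows) -> bool:
    """True when a request passes the given filter AND maps to the setup wizard."""
    return filter_allows(raw_uri) and canonical_path(raw_uri).startswith("/wizard/")


# Constructed Tomcat-style access-log lines (not real traffic) for the detection side.
ACCESS_LOG = [
    '203.0.113.7 - - [22/Jan/2024:10:01:02 +0000] "GET /goanywhere/images/logo.png HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Jan/2024:10:01:05 +0000] "POST /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml HTTP/1.1" 200 1398',
    '198.51.100.9 - - [22/Jan/2024:10:02:11 +0000] "GET /goanywhere/wizard/InitialAccountSetup.xhtml HTTP/1.1" 403 0',
]
REQUEST_LINE = re.compile(r'^(\S+) .*? "(?:GET|POST) (\S+) HTTP')
TRAVERSAL_TOKEN = re.compile(r"(\.\.|%2e%2e)(;|%3b)", re.IGNORECASE)


def flag_setup_wizard_traversal(lines):
    """Return (client_ip, raw_path) for requests that carry a '..;'-style token
    and canonicalise to the initial-setup wizard page. The direct request in the
    third sample line is not flagged: it carries no traversal token."""
    hits = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        ip, path = m.groups()
        if TRAVERSAL_TOKEN.search(path) and canonical_path(path).endswith(
            "/wizard/InitialAccountSetup.xhtml"
        ):
            hits.append((ip, path))
    return hits


if __name__ == "__main__":
    probe = "/images/..;/wizard/InitialAccountSetup.xhtml"
    print("canonical:", canonical_path(probe))
    print("naive filter reached wizard:", wizard_reached(probe, naive_filter_allows))
    print("hardened filter reached wizard:", wizard_reached(probe, hardened_filter_allows))
    print("log hits:", flag_setup_wizard_traversal(ACCESS_LOG))
```

The design point is the one Hanley makes: a check on the raw URI and the container’s own view of the path can disagree, so the filter must either reject the ambiguous input before it reaches the container or decide on the same canonical path the container will use. Removing the wizard page from the deployment, as the vendor workaround does, closes the gap regardless of how the filter behaves.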

The discovery of CVE-2024-0204 in Fortra’s GoAnywhere MFT highlights the ongoing difficulty of securing file transfer software whose administrative interfaces are routinely exposed to the internet. It also underscores the importance of timely updates and, where those must wait, of applying the vendor’s interim mitigation and checking for accounts created before it was in place.
