GoAnywhere Managed File Transfer (MFT), the program that was at the center of a major data breach about a year ago, may have a new high-severity vulnerability that users should patch immediately to avoid further problems.
Cybersecurity researchers Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants discovered the flaw in December 2023 and disclosed it to GoAnywhere developer Fortra.
It is described as a path traversal weakness and is tracked as CVE-2024-0204. It carries a severity score of 9.8/10, which makes it critical.
There is also a solution available
As explained by the researchers, as well as cybersecurity company Horizon3.ai, which subsequently published a proof-of-concept (PoC) exploit, the vulnerability can be used to create a new administrator user for the tool:
“Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user through the admin portal,” reads a new advisory from Fortra.
“The easiest indicator of compromise to analyze is any new addition to the Admin Users group in the Users section of the GoAnywhere Admin Portal -> Admin Users,” said Horizon3.ai security researcher Zach Hanley. “If the attacker has left this user here, one may be able to observe its last login activity here to estimate an approximate date of the compromise.”
Those who cannot apply the patch at this time can apply a workaround in a containerless deployment: delete the InitialAccountSetup.xhtml file in the installation directory and then reboot the device. For instances deployed in containers, Fortra recommends replacing the file with an empty one before rebooting.
There is currently no evidence that the vulnerability is being exploited in the wild, but with the news and a PoC available, it is only a matter of time before unpatched endpoints are attacked. Users should apply the patch immediately and avoid putting the integrity of their data at risk.
Last year, a vulnerability in GoAnywhere led to the theft of sensitive data from nearly 130 organizations.
Via TheHackerNews