Subj : Popular file transfer software has a seriously dangerous security To : All From : TechnologyDaily Date : Wed Jan 24 2024 20:30:06 Popular file transfer software has a seriously dangerous security bug that gives anyone free administrator rights so patch it now to avoid another Moveit-like debacle Date: Wed, 24 Jan 2024 20:24:22 +0000 Description: Fortra GoAnywhere file transfer software has a seriously dangerous security bug, so patch now. FULL STORY ====================================================================== GoAnywhere Managed File Transfer (MFT), the program at the center of a major data reach scandal around a year ago, may have a new high-severity vulnerability which users should patch immediately to avoid more trouble. Cybersecurity researchers Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants discovered the flaw in December 2023, and disclosed it to GoAnywheres developer, Fortra. It is described as a path traversal weakness, and tracked as CVE-2024-0204. It has a severity score of 9.8/10, making it critical. A workaround is available, too As explained by the researchers, as well as cybersecurity firm Horizon3.ai, which subsequently published a proof-of-concept (PoC) exploit, the vulnerability can be used to create a new administrator user for the tool: "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," a new Fortra advisory reads . "The easiest indicator of compromise that can be analyzed is for any new additions to the Admin Users group in the GoAnywhere administrator portal Users -> Admin Users section," Horizon3.ai security researcher Zach Hanley said. "If the attacker has left this user here you may be able to observe its last logon activity here to gauge an approximate date of compromise." Those who are unable to apply the patch at this time can apply a temporary workaround in non-container deployment - delete the InitialAccountSetup.xhtml file in the install directory and then restart the device. For container-deployed instances, Fortra recommends replacing the file with an empty one before restarting. There is currently no evidence of the vulnerability being exploited in the wild, but with the news broken, and a PoC available, its only a matter of time before unpatched endpoints get targeted. Users should apply the patch immediately and avoid risking the integrity of their data. Last year, a vulnerability in GoAnywhere resulted in sensitive data from almost 130 organizations being stolen. Via TheHackerNews More from TechRadar Pro Second ransomware group reported exploiting GoAnywhere security flaw Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/popular-file-transfer-software-has-a-se riously-dangerous-security-bug-that-gives-anyone-free-administrator-rights-so- patch-it-now-to-avoid-another-moveit-like-debacle --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .