Horizon3.ai Publishes POC Exploit For Fortra GoAnywhere MFT Authentication Bypass
Horizon3.ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive,” which includes a proof-of-concept (POC) exploit for the widely used managed file transfer software along with indicators of compromise (IOCs).
Fortra’s GoAnywhere MFT file transfer software is widely used in finance, healthcare, engineering, gaming, logistics, manufacturing, public sector/government, higher education and other sectors to automate and encrypt data transfers between an organization and its trading partners, centralizing file transfer activity and monitoring while improving costs.
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, warning of an authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 that allows an unauthorized user to remotely create an admin user via the administration portal. Customers were made aware of the issue by an internal security advisory post and patch made available on December 4, 2023, in which researchers malcolm0x and Islam Elrfai were originally credited with the discovery. In 2023, file transfer applications were a top target for threat actors.
Links
Horizon3.ai’s “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive” also includes indicators of compromise (IOCs) and remediation recommendations.
Horizon3.ai “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive” (January 23, 2024): https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Horizon3.ai Proof of Concept for CVE-2024-0204: https://github.com/horizon3ai/CVE-2024-0204
Fortra “FI-2024-001 – Authentication Bypass in GoAnywhere MFT” (January 22, 2024): https://www.fortra.com/security/advisory/fi-2024-001
This entry was posted on January 24, 2024 at 8:37 am and is filed under Commentary with tags horizon3.ai.