
Fortra GoAnywhere Patch Now: Flaw lets anyone be admin

Brandon Lee

Fortra has recently identified a severe security vulnerability in its GoAnywhere Managed File Transfer (MFT) software. This vulnerability, designated as CVE-2024-0204, is of high concern with a CVSS score of 9.8 out of 10, indicating its critical nature.

The security flaw allows for an authentication bypass in versions of GoAnywhere MFT earlier than 7.4.1. Exploiting this vulnerability, an unauthorized individual could create a new administrator account through the administration portal. Fortra released this information in a security advisory on January 22, 2024.

For users unable to update to version 7.4.1 immediately, Fortra recommends certain temporary measures. In non-containerized deployments, one can mitigate the risk by deleting the InitialAccountSetup.xhtml file found in the installation directory and then restarting the associated services.

In instances where GoAnywhere MFT is deployed in containers, the suggested workaround is to replace the InitialAccountSetup.xhtml file with an empty file and subsequently restart the system. These steps are critical interim solutions to safeguard the system against potential unauthorized administrative access.

Posted : 24/01/2024 11:06 am
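
The two interim workarounds described in the post leave different states on disk, so they can be audited with a file check. The script below is an added example, not part of the original post and not Fortra tooling; the function name and the install root passed as an argument are assumptions, and only the file name `InitialAccountSetup.xhtml` comes from the post.

```shell
#!/bin/sh
# Added example: audit the on-disk state of the CVE-2024-0204 interim workaround.
# Assumption: the caller passes the GoAnywhere MFT installation directory;
# the script searches it recursively, so no internal path is assumed.

TARGET="InitialAccountSetup.xhtml"

# check_workaround <install_root>
# Return codes:
#   0  file absent (non-container workaround) or present but empty
#      (container workaround)
#   1  at least one non-empty copy of the file still exists
#   2  install root is not a directory
check_workaround() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR: not a directory: $root" >&2
        return 2
    fi

    # Non-empty copies: the setup page is still deployed.
    exposed=$(find "$root" -type f -name "$TARGET" ! -size 0 2>/dev/null)
    # Zero-byte copies: replaced with an empty file.
    emptied=$(find "$root" -type f -name "$TARGET" -size 0 2>/dev/null)

    if [ -n "$exposed" ]; then
        printf 'EXPOSED (non-empty file still present):\n%s\n' "$exposed"
        return 1
    fi
    if [ -n "$emptied" ]; then
        printf 'NEUTRALIZED (empty placeholder in place):\n%s\n' "$emptied"
    else
        printf 'REMOVED (no %s under %s)\n' "$TARGET" "$root"
    fi
    return 0
}

# Run directly: ./check.sh /path/to/goanywhere/install
if [ "$#" -gt 0 ]; then
    check_workaround "$1"
    exit $?
fi
```

A clean result reflects file state only: the post's workaround also requires restarting the services (or the system, for containers), which this check cannot confirm.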