Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

January 24, 2024 at 03:05PM
A new proof-of-concept exploit is available for a critical authentication bypass vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere Managed File Transfer software. This flaw affects a large percentage of systems and allows unauthenticated remote attackers to create new accounts with admin privileges. The release of this exploit is likely to lead to …

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

January 24, 2024 at 09:24AM
A critical vulnerability (CVE-2024-0204, CVSS score 9.8) in Fortra’s GoAnywhere MFT allows an unauthenticated attacker to create an admin user. Patches were released on Dec 7, and customers are urged to update to version 7.4.1. Horizon3.ai published a technical writeup on the bug’s root cause and PoC code one day after the …

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

January 24, 2024 at 02:00AM
A critical security flaw (CVE-2024-0204) in Fortra’s GoAnywhere MFT software allows an unauthorized user to create an admin user. Users unable to upgrade to v7.4.1 should delete the InitialAccountSetup.xhtml file in non-container deployments. For container-deployed instances, the file should be replaced with an empty file and the instance restarted. No evidence of active exploitation. Key …

Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

January 23, 2024 at 10:46AM
Fortra warns of a critical authentication bypass vulnerability in GoAnywhere MFT, affecting versions prior to 7.4.1. Exploitation allows unauthorized creation of admin accounts and could lead to data breaches and malware introduction. The flaw was fixed in version 7.4.1, and users are advised to update immediately. Notably, past incidents suggest …