Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortra goanywhere managed file transfer 6.0.0 |
||
fortra goanywhere managed file transfer |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Ancient path traversal exploit offers remote attackers admin access
Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication bypass hole in December, and it wasn't publicly revealed for more than a month. Researchers from Horizon3 used the clues left behind in Fortra's public advisory, published on January 22, to develop a working exploit and demonstrate how n...