CVE-2024-0204: Authentication Bypass in GoAnywhere MFT
First published: Mon Jan 22 2024(Updated: )
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Credit: df4dee71-de3a-4139-9588-11b62fe6c0ff
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HelpSystems GoAnywhere Managed File Transfer | =7.4.1 | |
| HelpSystems GoAnywhere Managed File Transfer | >=7.0.0<7.4.1 | |
| HelpSystems GoAnywhere Managed File Transfer | =6.0.0 |
Remedy
Upgrade to version 7.4.1 or higher. The vulnerability may also be eliminated in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, replace the file with an empty file and restart. For additional information, see https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml (registration required). https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/fortra-warns-of-new-critical-goanywhere-mft-auth-bypass-patch-now/
- https://www.bleepingcomputer.com/news/security/exploit-released-for-fortra-goanywhere-mft-auth-bypass-bug/
- https://www.theregister.com/2024/01/24/public_exploit_published_within_hours/
- https://www.fortra.com/security/advisory/fi-2024-001
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
- http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html
- http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html
- https://chromereleases.googleblog.com/2024/03/long-term-support-channel-update-for_11.html (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-0204?
CVE-2024-0204 is considered a critical severity vulnerability due to its potential for authentication bypass.
How do I fix CVE-2024-0204?
To fix CVE-2024-0204, upgrade Fortra GoAnywhere MFT to version 7.4.1 or later.
What does CVE-2024-0204 allow an attacker to do?
CVE-2024-0204 allows an unauthorized user to create an admin user via the administration portal.
Which versions of Fortra's GoAnywhere MFT are affected by CVE-2024-0204?
CVE-2024-0204 affects Fortra GoAnywhere MFT versions from 6.0.0 to 7.4.0.
Is there an exploit available for CVE-2024-0204?
Yes, an exploit for CVE-2024-0204 has been published, enabling attackers to leverage the authentication bypass.
- agent/weakness
- agent/title
- agent/remedy
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-0204
- alias/CVE-2023-0669
- collector/the-register
- source/The Register
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/chrome-releases
- agent/severity
- agent/references
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/trending
- agent/source
- agent/news-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/tags
- agent/softwarecombine
- vendor/fortra
- canonical/helpsystems goanywhere managed file transfer
- version/helpsystems goanywhere managed file transfer/7.4.1
- version/helpsystems goanywhere managed file transfer/7.0.0
- version/helpsystems goanywhere managed file transfer/6.0.0