A critical authentication bypass vulnerability (CVE-2024-5806) has been discovered in Progress Software’s MOVEit Transfer and MOVEit Cloud-managed file transfer solutions. This flaw, found in the SFTP module of these products, allows attackers to bypass authentication and access sensitive data without proper credentials. Researchers from watchTowr first identified and disclosed this vulnerability, detailing how attackers could manipulate parameters during the SSH authentication process to gain unauthorized access.
The situation escalated quickly after Progress Software released a security bulletin about the vulnerability. Exploit code for this flaw was publicly available within hours, leading to an increase in attack attempts against vulnerable MOVEit installations. This is particularly concerning given MOVEit’s history; the software was previously targeted by the Cl0p ransomware group in a significant attack last year, which exploited a zero-day SQL injection vulnerability to compromise multiple organizations.
Progress Software has released patches for affected versions of MOVEit Transfer and MOVEit Gateway to address this vulnerability. Security experts, including those from Rapid7, have confirmed that the exploit can bypass authentication on unpatched versions. Organizations using these MOVEit solutions are strongly advised to apply the patches immediately to prevent unauthorized access and data theft.
Given the critical nature of this vulnerability, speed in applying security updates is crucial. Organizations should refer to Progress Software’s security bulletin for detailed patching instructions and follow best practices to safeguard their MOVEit deployments. Immediate action is essential to protect sensitive data and mitigate potential risks associated with this flaw.
Reference:
