Exploit released for Fortra GoAnywhere MFT auth bypass bug
2024-01-23 23:16

Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal.

GoAnywhere MFT is a web-based managed file transfer tool that helps organizations transfer files securely with partners and keep audit logs of who accessed all shared files.

While Fortra silently patched the bug on December 7 with the release of GoAnywhere MFT 7.4.1, the company only publicly disclosed it today in an advisory offering limited information.

Today, almost seven weeks later, security researchers with Horizon3's Attack Team published a technical analysis of the vulnerability and shared a proof-of-concept exploit that helps create new admin users on vulnerable GoAnywhere MFT instances exposed online.

The Clop ransomware gang breached over 100 organizations by exploiting a critical remote code execution flaw in the GoAnywhere MFT software.


News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-fortra-goanywhere-mft-auth-bypass-bug/