Hackers target new MOVEit Transfer critical auth bypass bug
Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it.
MOVEit Transfer is a managed file transfer solution used in enterprise environments to securely transfer files between business partners and customers using the SFTP, SCP, and HTTP protocols.
The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol module, which is responsible for file transfer operations over SSH. An attacker leveraging this flaw could access sensitive data stored on the MOVEit Transfer server, upload, download, delete, or modify files, and intercept or tamper with file transfers.
Network scans by Censys indicate that there are currently around 2,700 internet-exposed MOVEit Transfer instances, most located in the US, UK, Germany, Canada, and the Netherlands.
Fixes were released in MOVEit Transfer 2023.0.11, 2023.1.6, and 2024.0.2, which are available on the Progress Community portal.
To mitigate this flaw until a fix from the third-party vendor is made available, system administrators are advised to block Remote Desktop Protocol access to the MOVEit Transfer servers and restrict outbound connections to known/trusted endpoints.
Related news
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- Veeam warns of critical Backup Enterprise Manager auth bypass bug (source)
- Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) (source)
- Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (source)
- Week in review: MOVEit auth bypass flaws quietly fixed, open-source Rafel RAT targets Androids (source)