news-26062024-191239

A critical vulnerability has been discovered in MOVEit, a popular file transfer and management product, putting systems across the Internet at risk of compromise. The vulnerability, tracked as CVE-2024-5806, allows attackers to bypass authentication and gain access to sensitive data. It carries a severity rating of 9.1 out of 10.

Last year, a similar critical vulnerability in MOVEit led to the compromise of over 2,300 organizations, including major entities like Shell, British Airways, and government agencies. The current vulnerability allows hackers to use a null string as a public encryption key during authentication, granting them access to the system as a trusted user. This poses a significant threat as attackers can perform various malicious activities, including reading, writing, or deleting files.

In addition to this exploit, a second attack scenario allows hackers to obtain the cryptographic hashes that mask user passwords by manipulating SSH public key paths. Researchers have highlighted the ease with which attackers can upload a public key to a vulnerable server and potentially assume the identity of any SFTP user. The vulnerability affects MOVEit Transfer versions from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2.

Progress Software has released patches to address these vulnerabilities and is urging users to update their software immediately to mitigate the risk. Admins of affected systems are advised to block inbound RDP access to MOVEit servers and restrict outbound access to trusted endpoints. The company has not disclosed whether the vulnerable component is IPWorks SSH.

Given the widespread impact of last year’s MOVEit vulnerability, it is crucial for organizations to take proactive measures to secure their systems and prevent exploitation. Users of MOVEit are encouraged to check their software version and apply the necessary patches to safeguard their data and network from attack. More information and guidance on addressing these vulnerabilities are available to affected users.
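To make the version check concrete, the following added example (not from Progress Software or the original article) triages an inventory of MOVEit Transfer hosts against the affected ranges listed above. It assumes version strings use the `2023.0.11` form the article uses; the hostnames and sample versions are constructed, and `classify` and `triage` are hypothetical helper names.

```python
import re
from collections import defaultdict

# First fixed release per affected branch, from the ranges quoted in the article:
# 2023.0.0 before 2023.0.11, 2023.1.0 before 2023.1.6, 2024.0.0 before 2024.0.2.
FIRST_FIXED = {(2023, 0): 11, (2023, 1): 6, (2024, 0): 2}

# Assumption: versions look like "2023.0.11", optionally with a leading "v"
# or extra trailing build components ("2024.0.1.0").
_VERSION_RE = re.compile(r"\s*v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*")

def classify(version):
    """Return 'affected', 'patched', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.fullmatch(version or "")
    if m is None:
        return "unparseable"      # never guess: send to manual review
    major, minor, patch = (int(g) for g in m.groups())
    first_fixed = FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        # Branch is outside the ranges the article gives; its status is
        # unknown here and must be checked against the vendor advisory.
        return "not-listed"
    return "affected" if patch < first_fixed else "patched"

def triage(inventory):
    """Group (host, version) pairs by status; hosts sorted within each group."""
    report = defaultdict(list)
    for host, version in inventory:
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("sftp-eu-01", "2023.0.10"),
    ("sftp-eu-02", "2023.0.11"),
    ("sftp-us-01", "2023.1.5"),
    ("sftp-us-02", "2024.0.2"),
    ("sftp-ap-01", "2024.0.1"),
    ("sftp-lab", "2022.1.3"),
    ("sftp-old", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as `not-listed` or `unparseable` are not cleared by this check; they need a manual look, since the article only gives ranges for the three branches above.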