Progress MOVEit Transfer Authentication Bypass [CVE-2024-5806]

Ingrid

The SFTP module of the MOVEit Transfer managed file transfer solution has a flaw in its SSH authentication process that allows authentication to be bypassed. MOVEit Transfer provides encrypted uploading to and downloading from a server over the SFTP protocol. Once an attacker is able to bypass authentication, the most damaging follow-on attacks include:

- Obtaining persistence by uploading public encryption keys to the server or modifying existing ones. Once completed, an attacker can impersonate any user and has full read, write, and delete access to the file system.
- Credential harvesting: obtaining password hashes stored in an older, easy-to-crack format.

Affected Versions

- 2023.0.0 before 2023.0.11
- 2023.1.0 before 2023.1.6
- 2024.0.0 before 2024.0.2

What To Do

Apply the patches provided by Progress, or disable the software.

Organizational assets can be found via Bitsight for 4th Party: go to 4th Party Risk ➔ Products and search for "MOVEit Transfer" products.

Resources

Progress Software Corporation, "MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806)"

June 28, 2024: Published.
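As an added example (it is not part of this article and not Progress's or Bitsight's code), the following Python classifies MOVEit Transfer version strings against the three affected ranges listed above. It assumes versions are written as major.minor.patch, as in the advisory; the hostnames and versions in the sample inventory are constructed. The point it makes is that the comparison must be numeric, not string-based, and that a branch the advisory does not mention should be reported separately rather than silently treated as safe.

```python
# Added example (not from the Bitsight article or Progress): classify MOVEit
# Transfer version strings against the affected ranges in the advisory.
# Hostnames and versions in SAMPLE_INVENTORY are constructed for illustration.

# (first affected, first fixed) for each branch named in the advisory.
AFFECTED_RANGES = [
    ("2023.0.0", "2023.0.11"),
    ("2023.1.0", "2023.1.6"),
    ("2024.0.0", "2024.0.2"),
]


def parse_version(text):
    """Turn 'major.minor.patch' into a tuple of ints so comparison is numeric.

    String comparison would wrongly put 2023.0.9 after 2023.0.11, which is
    exactly the kind of mistake that leaves a vulnerable host marked as fixed.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit Transfer version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version):
    """Return 'affected', 'fixed', or 'unlisted_branch' for one version string.

    'fixed' means the version is on a branch the advisory lists and is at or
    past that branch's first fixed release. Branches the advisory does not
    mention are reported separately instead of being silently called safe.
    """
    v = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        lo, hi = parse_version(start), parse_version(fixed)
        if v[:2] != lo[:2]:
            continue  # different major.minor branch
        return "affected" if lo <= v < hi else "fixed"
    return "unlisted_branch"


def triage(inventory):
    """Bucket {hostname: version} into affected/fixed/unlisted_branch/unknown."""
    buckets = {"affected": [], "fixed": [], "unlisted_branch": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            buckets[classify(version)].append(host)
        except ValueError:
            buckets["unknown"].append(host)  # unparsable string: inspect by hand
    return buckets


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = {
    "mft-01.example.test": "2023.0.9",    # affected (numeric compare matters)
    "mft-02.example.test": "2023.0.11",   # first fixed release on 2023.0
    "mft-03.example.test": "2023.1.5",    # affected
    "mft-04.example.test": "2024.0.2",    # fixed
    "mft-05.example.test": "2022.1.4",    # branch not listed in the advisory
    "mft-06.example.test": "unknown",     # unparsable version string
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed `triage` the version strings collected from your own inventory (or from the Bitsight 4th Party product search described above) and work the "affected" and "unlisted_branch" buckets first.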