The SFTP module of the MOVEit Transfer managed file transfer solution has a flaw in its SSH authentication process that can allow authentication to be bypassed.
MOVEit Transfer allows for encrypted uploading and downloading from a server via the SFTP protocol. Once an attacker is able to bypass authentication, the most damaging follow-on attacks include:
- Obtaining persistence by uploading public encryption keys to the server or modifying existing ones. Once completed, an attacker can impersonate any user and have full read, write, and delete access to the file system.
- Credential harvesting – obtaining password hashes in an older, easy-to-crack format.
Affected Versions
- 2023.0.0 before 2023.0.11
- 2023.1.0 before 2023.1.6
- 2024.0.0 before 2024.0.2
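
An added example (not from Progress or the original advisory) that triages an inventory of MOVEit Transfer hosts against the version ranges listed above. The hostnames, the inventory format, the tolerance for a trailing build component, and the choice to report unlisted branches as `not_listed` rather than safe are assumptions.

```python
import re

# Affected ranges exactly as listed in the advisory: (branch start, first fixed release).
AFFECTED_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]

def parse_version(text):
    """Parse 'YYYY.minor.patch' into a tuple; trailing build components are ignored (assumption)."""
    m = re.fullmatch(r"\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(text):
    """Return 'affected', 'fixed' or 'not_listed' for one version string."""
    v = parse_version(text)
    for start, fixed in AFFECTED_RANGES:
        if v[:2] == start[:2]:  # same release branch as a listed range
            return "affected" if start <= v < fixed else "fixed"
    # Branch not named in the advisory: do not report it as safe.
    return "not_listed"

def triage(inventory):
    """Map host -> status; malformed version strings are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "needs_review"
    return result

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "mft-01.example.internal": "2023.0.10",
    "mft-02.example.internal": "2023.0.11",
    "mft-03.example.internal": "2023.1.5",
    "mft-04.example.internal": "2024.0.2",
    "mft-05.example.internal": "2022.1.4",
    "mft-06.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
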
What To Do
- Apply patches provided by Progress or disable the software.
Resources
- June 28, 2024: Published.