A flaw in the file transfer service 'MOVEit Transfer' was discovered, and traces of attempts to exploit it were found shortly afterwards.

MOVEit Transfer, an enterprise service that transfers files over the SFTP and HTTP protocols, was found to have security flaws, and an exploit attempt was observed just one day after the vendor disclosed the vulnerability.

MOVEit Gateway Critical Security Alert Bulletin – June 2024 – (CVE-2024-5805) - Progress Community

https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805

MOVEit Transfer Product Security Alert Bulletin – June 2024 – (CVE-2024-5806) - Progress Community
https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806

Hackers target new MOVEit Transfer critical auth bypass bug
https://www.bleepingcomputer.com/news/security/hackers-target-new-moveit-transfer-critical-auth-bypass-bug/

Exploit attempts have been documented for a new MOVEit Transfer vulnerability - patch as soon as possible!
https://thehackernews.com/2024/06/new-moveit-transfer-vulnerability-under.html

According to a report by Progress Software, the vendor of MOVEit Transfer, there is an improper authentication vulnerability in the SFTP module of MOVEit Transfer which may allow authentication bypass. If exploited, this vulnerability, assigned the identifier CVE-2024-5806, may allow access to confidential data stored on the MOVEit Transfer server or manipulation of files.

Additionally, an authentication bypass vulnerability was found in MOVEit Gateway, a proxy service designed for MOVEit Transfer; it has been assigned CVE-2024-5805.

According to a report by the threat monitoring platform Shadowserver Foundation, exploit attempts were made shortly after the vendor's report.

Security firm watchTowr, which analyzed the vulnerability in detail, noted that 'an attacker could obtain a masked cryptographic hash of a user password and manipulate the SSH public key path to force authentication with a malicious SMB server and a valid username. Since MOVEit's primary purpose is file transfer, uploading a public key to a vulnerable server is not a particularly high hurdle for an attacker to overcome.'
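The weakness watchTowr describes turns on a user-controlled public key path being resolved as a network (UNC/SMB) location. As an added example, not MOVEit's own code and not taken from the vendor, the following Python function shows the kind of server-side check that closes that door: a key path is accepted only if it is not a UNC or URL-style reference and, after normalization, still lies inside a single configured key directory. The key root `C:\MOVEit\Keys` and the sample inputs are constructed for illustration.

```python
"""Validate a user-supplied SSH public key path so it can never name a
network share or escape the configured key directory.

Added example; the directory layout and inputs below are assumptions,
not the real product's configuration.
"""
import ntpath
import re

# Hypothetical directory under which all user public keys must live.
ALLOWED_KEY_ROOT = r"C:\MOVEit\Keys"

# Matches URL-style prefixes such as file://, smb://, \\?\ is handled below.
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")


def is_remote_reference(raw: str) -> bool:
    """True for UNC paths (\\\\host\\share, //host/share) and URL schemes.

    Any of these can make a Windows file API reach out to another host,
    which is the behaviour a defender wants to rule out entirely.
    """
    return raw.startswith(("\\\\", "//")) or _SCHEME_RE.match(raw) is not None


def validate_key_path(raw: str, root: str = ALLOWED_KEY_ROOT):
    """Return (accepted, reason) for a proposed public key path.

    The path is normalized with Windows semantics (ntpath) so that '..'
    components and mixed separators are resolved before the containment
    check, and the comparison is case-insensitive as on NTFS.
    """
    if not raw or "\x00" in raw:
        return False, "empty or contains NUL"
    if is_remote_reference(raw):
        return False, "UNC or URL reference not allowed"

    # Relative paths are anchored at the key root; absolute paths are kept
    # and must still prove they live under the root after normalization.
    full = ntpath.normpath(ntpath.join(root, raw))
    root_prefix = ntpath.normcase(ntpath.normpath(root)) + "\\"
    if not ntpath.normcase(full).startswith(root_prefix):
        return False, "resolves outside key directory"
    return True, full


if __name__ == "__main__":
    # Constructed inputs: two legitimate key files, then several paths a
    # defender would expect the check to reject.
    samples = [
        r"alice.pub",
        r"C:\MOVEit\Keys\bob\id_rsa.pub",
        r"\\10.0.0.5\share\key.pub",
        r"//10.0.0.5/share/key.pub",
        r"..\..\Windows\key.pub",
        r"D:\other\key.pub",
        "file://10.0.0.5/key.pub",
    ]
    for s in samples:
        ok, why = validate_key_path(s)
        print(f"{'ACCEPT' if ok else 'REJECT':6} {s!r}: {why}")
```

In a real deployment the accepted path would additionally be opened with flags that refuse reparse points, and any rejection should be logged with the authenticated username, since a rejected UNC path is itself a useful detection signal.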

A patch for this issue was distributed on June 11, 2024. Progress Software stated that it has not received any reports that these vulnerabilities have been exploited in the wild and is not aware of any direct impact on customers.

MOVEit Transfer was also hit by a vulnerability in 2023 that affected hundreds of companies, including Sony.

Sony admits that data of about 6,800 employees was leaked in a security breach - GIGAZINE

in Web Service, Security, Posted by log1p_kr