Progress Software Corporation recently published a bulletin about a new security vulnerability in Moveit.

The enterprise-focused file transfer program is affected by a critical flaw that cyber-criminals could easily exploit.

The flaw (CVE-2024-5806) has a severity rating of 9.1 out of 10.

Critical vulnerability in file transfer software Moveit could result in a new security disaster

It was located inside Moveit Transfer’s SFTP module, a third-party component of the software.

This vulnerability provides a vector for hackers and cyber-criminals to bypass user authentication and gain access to sensitive data.

WatchTowr Labs security analysts said that hackers could exploit the flaw in two scenarios.

Using the hashes, they could manipulate SSH public key paths to execute a “forced authentication.”

The hackers must crack them before using the information for a malicious login attempt.

Recent scans provided by the EU-funded Shadowserver Foundation show that more than 1,800 customers use Moveit worldwide.

It’s not the first time Progress Software has been in a serious security situation.