GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
Description
GoAnywhere MFT versions prior to 7.4.1 contain a critical authentication bypass vulnerability (CVE-2024-0204) that allows remote attackers to circumvent authentication controls through specially crafted HTTP requests. This vulnerability enables unauthorized users to create administrative accounts and gain complete control over the managed file transfer system without requiring valid credentials.
Remediation
1. Immediately upgrade GoAnywhere MFT to version 7.4.1 or later, which addresses this vulnerability
2. Review all administrator accounts created since deployment and remove any unauthorized or suspicious accounts
3. Audit system logs for unusual authentication patterns or HTTP requests that may indicate exploitation attempts
4. If immediate patching is not possible, restrict network access to the GoAnywhere MFT administrative interface to trusted IP addresses only, using firewall rules or network segmentation
5. After patching, rotate all administrative credentials and API keys as a precautionary measure
6. Implement monitoring for unauthorized account creation and privilege escalation activities
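Added example, not part of this advisory and not Fortra's own tooling: a small Python script that carries out the checkable parts of steps 1, 2, 3 and 6 above. It compares an installed version string against the 7.4.1 threshold stated in the advisory, diffs the current administrator list against a reviewed allowlist, and scans audit log lines for administrator-account creations that no approved administrator performed. The audit log format, event names, account names and IP addresses are constructed for this example; GoAnywhere MFT's real audit logs and account exports use their own formats, so the parsing and field names must be mapped to the product's actual output.

```python
"""Post-remediation checks for CVE-2024-0204 (added example, hypothetical log format)."""
import re
from typing import Iterable

FIXED_VERSION = (7, 4, 1)  # first version the advisory states as fixed


def parse_version(version: str) -> tuple:
    """Turn '7.4.1' into (7, 4, 1) so versions compare numerically, not as strings
    ('7.4.10' must not sort below '7.4.1')."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad so '7.4' compares as (7, 4, 0)


def is_vulnerable(version: str) -> bool:
    """True if the installed version predates the fix (remediation step 1)."""
    return parse_version(version) < FIXED_VERSION


def unexpected_admins(current: Iterable[str], approved: Iterable[str]) -> set:
    """Accounts holding admin rights that are not on the reviewed allowlist (step 2)."""
    return set(current) - set(approved)


# Hypothetical audit line: ISO timestamp followed by space-separated key=value pairs.
_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split one constructed audit line into a dict of its fields plus 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(_KV.findall(rest))
    fields["ts"] = ts
    return fields


def suspicious_account_events(lines: Iterable[str], approved: Iterable[str]) -> list:
    """Flag admin-account creations without an approved creator (steps 3 and 6).

    Two patterns are reported: a creation with no authenticated actor at all, and a
    creation performed by an account that is not on the approved administrator list
    (for example a freshly planted account creating further accounts).
    """
    approved = set(approved)
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("event") != "ADMIN_USER_CREATED":
            continue
        actor = ev.get("actor", "")
        reason = None
        if actor in ("", "-", "none"):
            reason = "account created without an authenticated actor"
        elif actor not in approved:
            reason = f"creator {actor!r} is not an approved administrator"
        if reason:
            findings.append({"ts": ev["ts"], "target": ev.get("target"),
                             "src": ev.get("src"), "reason": reason})
    return findings


# Constructed sample data (not real GoAnywhere output).
APPROVED_ADMINS = {"root", "it_admin", "auditor"}
SAMPLE_ADMIN_LIST = ["root", "it_admin", "auditor", "backup_svc", "sync_user"]
SAMPLE_LOG = [
    "2024-01-21T09:12:44Z event=LOGIN_OK actor=it_admin src=10.0.0.5",
    "2024-01-21T09:13:01Z event=ADMIN_USER_CREATED actor=it_admin target=auditor src=10.0.0.5",
    "2024-01-22T03:41:17Z event=ADMIN_USER_CREATED actor=- target=backup_svc src=203.0.113.7",
    "2024-01-22T03:41:20Z event=LOGIN_OK actor=backup_svc src=203.0.113.7",
    "2024-01-22T03:42:05Z event=ADMIN_USER_CREATED actor=backup_svc target=sync_user src=203.0.113.7",
]

if __name__ == "__main__":
    for v in ("6.8.4", "7.4.0", "7.4.1", "7.4.10"):
        print(f"version {v}: {'VULNERABLE' if is_vulnerable(v) else 'patched'}")
    print("admins not on allowlist:", sorted(unexpected_admins(SAMPLE_ADMIN_LIST, APPROVED_ADMINS)))
    for f in suspicious_account_events(SAMPLE_LOG, APPROVED_ADMINS):
        print(f"{f['ts']} target={f['target']} src={f['src']}: {f['reason']}")
```

The allowlist diff and the log scan are deliberately separate checks: an account planted through the bypass may create further accounts under its own name, so a scan that only looks for creations with a missing actor would miss the second-generation accounts, while the diff against a reviewed allowlist catches them regardless of how the log records the event.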