What is a pre-authentication command injection vulnerability? (Cybersecurity/IT)


I’m reading about a [large breach](https://vulnera.com/newswire/brightline-data-breach-affects-over-780k-pediatric-mental-health-patients/) of Protected Health Information (PHI) that affected over 780,000 patients. From the article:

> The breach occurred after a ransomware gang exploited a zero-day vulnerability ([CVE-2023-0669](https://nvd.nist.gov/vuln/detail/CVE-2023-0669)) in the company’s Fortra GoAnywhere MFT secure file-sharing platform.

The description of the problem comes from NIST’s National Vulnerability Database (2nd link):

> Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

My understanding of a zero-day vulnerability is that it means there’s a publicly known weakness that hasn’t been fixed yet, but I haven’t found simplified explanations of how the hackers got the data.


8 Answers

Anonymous

Pre-Authentication is a point in time: before the user has logged in. Ergo, this is an attack that does not require a user to be logged in. Hence, no username or password is even required to try abusing it (as opposed to something that requires you to at least be logged in first).

So this is quite serious in that the only thing preventing an attacker from going at it would be that they need to get connected first. If this service is just on the internet, yeah, that’s a huge problem.

Next we have “command injection”. Injection means the attacker can craft something of their own choosing and send it to the server to have it acted on. In this case, a “command”. A bit vague, and I don’t know anything about the app in question. I’m guessing you could run command-line programs on the server of your own choosing. Or something similar.
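As an added illustration (not code from this thread, and not GoAnywhere's actual servlet; every name in it is hypothetical and the session table is constructed), here is a toy Python request handler that makes the two terms in the answer concrete. The vulnerable builder pastes a request field straight into a shell command line with no login check, which is what "pre-authentication command injection" means in practice. The hardened builder authenticates before it reads anything else from the request, rejects input that does not match a strict allow-list, and hands the program an argument list instead of a shell string, so a stray `;` can never be interpreted as a command separator.

```python
"""Toy request handler contrasting a pre-auth command-injection pattern
with a hardened version. Added example; all names are hypothetical."""
import re
import subprocess
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample session store (token -> username), not real data.
SESSION_TOKENS: Dict[str, str] = {"tok-abc123": "alice"}

# Allow-list for the one field the handler accepts: short, alphanumeric.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


@dataclass
class Request:
    path: str
    params: Dict[str, str] = field(default_factory=dict)
    token: Optional[str] = None  # None models an unauthenticated caller


class AuthRequired(Exception):
    """Raised when no valid session accompanies the request."""


class BadInput(Exception):
    """Raised when a request field fails allow-list validation."""


def build_command_vulnerable(req: Request) -> str:
    """The weak pattern: no authentication, no validation, and the
    attacker-controlled field is concatenated into a shell command line.
    Returned as a string only so the difference is visible; never run it."""
    return "report-tool --customer " + req.params.get("customer", "")


def authenticate(req: Request) -> str:
    """First gate: map the session token to a user or refuse the request."""
    user = SESSION_TOKENS.get(req.token or "")
    if user is None:
        raise AuthRequired("no valid session")
    return user


def build_command_hardened(req: Request) -> List[str]:
    """The hardened pattern, in the order that matters:
    1. authenticate before touching any other part of the request,
    2. validate the field against an allow-list and reject on mismatch,
    3. return an argv list, to be executed without a shell."""
    authenticate(req)
    customer = req.params.get("customer", "")
    if not SAFE_NAME.fullmatch(customer):
        raise BadInput("customer must match " + SAFE_NAME.pattern)
    return ["report-tool", "--customer", customer]


def execute(argv: List[str]) -> subprocess.CompletedProcess:
    """Run an argv list with shell=False: each element is one argument,
    so shell metacharacters in the data are passed literally."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True)


def classify(req: Request) -> str:
    """Summarise how the hardened handler disposes of a request."""
    try:
        build_command_hardened(req)
    except AuthRequired:
        return "rejected: unauthenticated"
    except BadInput:
        return "rejected: bad input"
    return "accepted"


if __name__ == "__main__":
    # Constructed inputs: a benign name and one carrying a shell separator.
    benign = {"customer": "acme"}
    hostile = {"customer": "acme; echo INJECTED"}
    print(build_command_vulnerable(Request("/license", hostile)))
    for req in (
        Request("/license", hostile),                    # no session at all
        Request("/license", hostile, token="tok-abc123"),  # logged in, bad input
        Request("/license", benign, token="tok-abc123"),   # logged in, clean
    ):
        print(req.params["customer"], "->", classify(req))
```

The ordering in `build_command_hardened` is the whole point of "pre-authentication": an unauthenticated caller never reaches the parsing or validation code, so a bug there is only exposed to people who already hold a session. The argv list plus `shell=False` is the second line of defence; it holds even if the allow-list were later loosened.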
