Skip to content

Authentication Bypass in GoAnywhere MFT

Notifications You must be signed in to change notification settings

horizon3ai/CVE-2024-0204

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT

Script to create a new admin user in GoAnywhere MFT.

Blog Post

More details here: https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive

Usage

Password must be at least 8 characters long to meet GoAnywhere MFT complexity requirements.

% python3 CVE-2024-0204.py -h
usage: CVE-2024-0204 GoAnywhere Authentication Bypass [-h]
                                                      endpoint username
                                                      password

positional arguments:
  endpoint    The endpoint URL (e.g., http://127.0.0.1:8080)
  username    New admin username
  password    New admin password

optional arguments:
  -h, --help  show this help message and exit

Follow the Horizon3.ai Attack Team on Twitter for the latest security research:

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

About

Authentication Bypass in GoAnywhere MFT

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages