Fortra fixes critical FileCatalyst Workflow hardcoded password issue
Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges.
The hardcoded password can be used by anyone to remotely access an exposed FileCatalyst Workflow HyperSQL (HSQLDB) database, gaining unauthorized access to potentially sensitive information.
Additionally, the database credentials can be abused to create new admin users, so attackers can gain administrative-level access to the FileCatalyst Workflow application and take complete control of the system.
In a security bulletin published yesterday, Fortra says that the issue is tracked as CVE-2024-6633 (CVSS v3.1: 9.8, "critical") and impacts FileCatalyst Workflow 5.1.6 Build 139 and older releases. Users are recommended to upgrade to version 5.1.7 or later.
Fortra noted in the advisory that HSQLDB is included only to facilitate the installation process and recommends that users set up alternative solutions post-installation.
"The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides," reads the bulletin.
"However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB."
There are no mitigations or workarounds, so system administrators are advised to apply the available security update as soon as possible.
Flaw discovery and details
Tenable discovered CVE-2024-6633 on July 1, 2024, when it found the same static password, "GOSENSGO613," on all FileCatalyst Workflow deployments.
Tenable explains that the internal Workflow HSQLDB is remotely accessible via TCP port 4406 in the product's default configuration, so the exposure is significant.
Tenable notes that end users cannot change this password by conventional means, so upgrading to 5.1.7 or later is the only solution.
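For administrators who need to triage an inventory against this advisory, the following added Python example (not Fortra's or Tenable's code) flags a host as at risk when its reported version is below 5.1.7 and a TCP 4406 listener is bound to a non-loopback address. The version strings, host name and `ss -ltn`-style listener output are constructed for illustration.

```python
"""Triage helper for CVE-2024-6633: affected version + exposed HSQLDB listener.

Added example, not vendor code. Assumes you collect two things per host:
the version string shown by FileCatalyst Workflow and the output of `ss -ltn`.
"""
import re

FIXED_VERSION = (5, 1, 7, 0)   # first fixed release per the Fortra bulletin
HSQLDB_PORT = 4406             # default HSQLDB listener port noted by Tenable
LOOPBACK = {"127.0.0.1", "::1"}


def parse_version(text):
    """Turn '5.1.6 Build 139' into (5, 1, 6, 139); build defaults to 0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:\s*Build\s*(\d+))?", text, re.I)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def version_affected(text):
    """Everything below 5.1.7 is listed as affected (5.1.6 Build 139 and older)."""
    return parse_version(text) < FIXED_VERSION


def hsqldb_exposed(ss_output):
    """True if a LISTEN socket on 4406 is bound to anything other than loopback."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                      # skip header and non-listening rows
        host, _, port = fields[3].rpartition(":")
        if port == str(HSQLDB_PORT) and host.strip("[]") not in LOOPBACK:
            return True
    return False


def triage(hostname, version_text, ss_output):
    """Combine both signals into a single verdict for the host."""
    affected = version_affected(version_text)
    exposed = hsqldb_exposed(ss_output)
    if affected and exposed:
        action = "upgrade to 5.1.7 or later now; HSQLDB reachable off-host"
    elif affected:
        action = "upgrade to 5.1.7 or later; listener not externally bound"
    else:
        action = "fixed release installed"
    return {"host": hostname, "affected": affected, "exposed": exposed, "action": action}


# Constructed sample: a default-config host still on the affected build.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      50     0.0.0.0:4406        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
"""

if __name__ == "__main__":
    print(triage("wf-example-01", "5.1.6 Build 139", SAMPLE_SS))
```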
The high level of access, ease of exploitation, and potential gains for cybercriminals exploiting CVE-2024-6633 make this flaw extremely dangerous for users of FileCatalyst Workflow.
Fortra products are permanently in the crosshairs of attackers as critical flaws in them can lead to mass-scale compromises of multiple high-value corporate networks at once.
source: BleepingComputer