Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin



A critical security vulnerability has been revealed in Fortra’s GoAnywhere Managed File Transfer (MFT) software, posing a significant risk with a CVSS score of 9.8 out of 10.

Identified as CVE-2024-0204, this flaw allows unauthorized users to exploit an authentication bypass in Fortra’s GoAnywhere MFT versions preceding 7.4.1, enabling them to create a new administrator user through the administration portal. Fortra issued an advisory on January 22, 2024, addressing the issue.

For users unable to upgrade to version 7.4.1, temporary workarounds are available. In non-container deployments, delete the “InitialAccountSetup.xhtml” file in the installation directory and restart the services. In container-deployed instances, replace the file with an empty one and restart.
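The workaround as a small shell helper that can also verify the result. This is an added example, not Fortra's tooling or code from the advisory. It assumes the installation directory is passed as an argument (the article does not give its path), and the function names and modes are illustrative.

```shell
#!/bin/sh
# Added example: audit or apply the InitialAccountSetup.xhtml workaround.
# Assumption: the caller supplies the GoAnywhere installation directory; the
# file's location inside it is not stated on the page, so it is searched for.

TARGET_NAME="InitialAccountSetup.xhtml"

# list_exposed DIR: print every copy of the file that still has content.
list_exposed() {
    find "$1" -type f -name "$TARGET_NAME" -size +0c 2>/dev/null
}

# apply_workaround DIR [MODE]
#   check  - report only (default); returns 1 if a non-empty copy exists
#   delete - non-container deployments: remove the file
#   empty  - container deployments: replace the file with an empty one
apply_workaround() {
    dir=$1
    mode=${2:-check}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    case $mode in
        check) ;;
        delete) find "$dir" -type f -name "$TARGET_NAME" -exec rm -f -- {} + ;;
        empty)  find "$dir" -type f -name "$TARGET_NAME" \
                    -exec sh -c 'for f do : > "$f"; done' sh {} + ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac

    # Re-scan so the result reflects what is on disk after the change.
    remaining=$(list_exposed "$dir")
    if [ -n "$remaining" ]; then
        echo "non-empty $TARGET_NAME still present:" >&2
        echo "$remaining" >&2
        return 1
    fi
    echo "no non-empty $TARGET_NAME under $dir; restart the services"
    return 0
}

# Run directly as: script.sh <install_dir> [check|delete|empty]
if [ "$#" -gt 0 ]; then
    apply_workaround "$@"
fi
```

Run it in `check` mode first, and again after each upgrade or redeploy, since a reinstall or a fresh container image can restore the file.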

The security vulnerability was discovered and reported by Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants in December 2023. Cybersecurity firm, which provided a proof-of-concept (PoC) exploit for CVE-2024-0204, highlighted that the flaw results from a path traversal weakness in the “/InitialAccountSetup.xhtml” endpoint, potentially exploited to create administrative users.

Zach Hanley, a security researcher at, emphasized monitoring the Admin Users group in the GoAnywhere administrator portal’s Users -> Admin Users section for any unexpected additions. While there is currently no evidence of active exploitation of CVE-2024-0204 in the wild, it’s worth noting that a previous flaw in the same product (CVE-2023-0669, CVSS score: 7.2) was exploited by the Cl0p ransomware group, compromising nearly 130 victims last year.
