In the field of information security, a critical vulnerability has been discovered in Progress Software products, specifically the OpenEdge Authentication Gateway and AdminServer. It poses a serious threat to authentication mechanisms, potentially allowing attackers to bypass security controls and gain unauthorized access to systems.
The vulnerability, identified as CVE-2024-1403, carries the maximum CVSS score of 10. It affects OpenEdge versions up to 11.7.18, 12.2.13, and 12.8.0.
The flaw lies in the authentication logic used when the OpenEdge Authentication Gateway (OEAG) is configured to verify users against local operating system accounts. A similar weakness exists when connecting to AdminServer via OpenEdge Explorer and OpenEdge Management, both of which use the same local authentication method.
Progress Software representatives explain that the problem arises from the system misinterpreting unexpected user and password types, leading to unauthorized access without proper authentication. This loophole allows attackers to sidestep the authentication process and gain entry to secure resources.
To address the vulnerability, Progress Software has released updates for OpenEdge LTS versions 11.7.19, 12.2.14, and 12.8.1. Users are strongly advised to install these updates promptly to protect their systems against potential attacks.
The research group horizon3.ai conducted an in-depth investigation into the vulnerability, detailed in their research report. By implementing and sharing a proof-of-concept (PoC) exploit, the group’s experts traced the issue to the “connect()” function invoked during remote connections. This function calls “authorizeUser()”, which is supposed to verify the supplied credentials against specific criteria. However, if the username matches “NT AUTHORITY\SYSTEM”, authorization is granted directly, bypassing the necessary checks.
Furthermore, the researchers warn of potential follow-on attacks, such as deploying new applications via remote links to WAR files.
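The pattern described above, modelled in simplified Python as an added illustration (this is not OpenEdge’s own Java code; the names authorize_user_vulnerable, authorize_user_fixed, os_verify and the sample user store are assumptions): a privileged-looking username short-circuits verification in the flawed version, while the hardened version sends every login through the same credential check and rejects unexpected input types.

```python
from typing import Any

# The identity that the flawed check trusted without verifying credentials.
SYSTEM_ACCOUNT = r"NT AUTHORITY\SYSTEM"

# Constructed stand-in for a local OS user store: username -> password.
_LOCAL_USERS = {"alice": "correct horse battery", "oeadmin": "s3cret-pw"}


def os_verify(username: Any, password: Any) -> bool:
    """Stand-in for local operating-system authentication.

    Both fields must be strings and the password must match the stored one.
    """
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    return _LOCAL_USERS.get(username) == password


def authorize_user_vulnerable(username: Any, password: Any) -> bool:
    """Flawed pattern: one special identity bypasses verification entirely.

    The password (and its type) is never examined for that identity, so a
    remote caller who merely presents the username is authorized.
    """
    if username == SYSTEM_ACCOUNT:
        return True  # no credential check at all
    return os_verify(username, password)


def authorize_user_fixed(username: Any, password: Any) -> bool:
    """Hardened pattern: no identity is exempt from credential verification.

    Unexpected user or password types are rejected up front instead of being
    interpreted, and the built-in system identity is not an account the
    gateway manages, so it is refused rather than trusted.
    """
    if not isinstance(username, str) or not isinstance(password, str):
        return False  # unexpected types never authenticate
    if username == SYSTEM_ACCOUNT:
        return False  # not a managed account; nothing to verify against
    return os_verify(username, password)
```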
This incident underscores the importance of timely software updates and the need for heightened cybersecurity vigilance. Organizations and individuals alike must take all necessary precautions to harden their systems against potential threats and uphold data security.