Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago.
Customers were first advised by Fortra on the mitigations for the critical authentication bypass hole in December, and it wasn’t publicly revealed for more than a month.
Researchers from Horizon3 used the clues left behind in Fortra’s public advisory, published on January 22, to develop a working exploit and demonstrate how new admin users could be created by unauthenticated attackers.