CVE-2024-1403: The Threat to Progress Software Users

In the realm of cybersecurity, a critical vulnerability has been discovered affecting Progress Software products, specifically the OpenEdge Authentication Gateway and AdminServer. This flaw poses a significant threat to authentication mechanisms, potentially allowing malefactors to circumvent protective measures and gain unauthorized access to systems.

Identified as CVE-2024-1403, this issue has been rated at the maximum severity level with a CVSS score of 10. The vulnerability impacts versions of OpenEdge up to 11.7.18, 12.2.13, and earlier, as well as 12.8.0.

The core of the issue lies in the deficiencies of the authentication mechanism when the OpenEdge Authentication Gateway (OEAG) is configured to use the local operating system’s authentication system for user verification. A similar issue arises when connecting to AdminServer through OpenEdge Explorer and OpenEdge Management, where local authentication is also employed.

Representatives from Progress Software have reported that the flaw manifests when the system incorrectly interprets unexpected types of usernames and passwords, leading to authorization without proper credential verification. Thus, attackers can bypass the authentication process, accessing protected resources.

The company has taken steps to rectify the vulnerability, releasing updates OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1. Users are strongly advised to install these updates to protect their systems from potential attacks.

The research team at Horizon3.ai contributed to the study of the vulnerability by creating and publishing a PoC exploit. They discovered that the root of the issue is related to the “connect()” function, activated upon remote connection, which calls another function, “authorizeUser()”. This function is supposed to verify that the provided data matches specified criteria. However, if the username matches “NT AUTHORITY\SYSTEM”, direct authorization occurs, bypassing necessary checks.

Furthermore, researchers highlight the potential for further attacks, such as the deployment of new applications via remote WAR file links.

Progress Software has previously been involved in a major scandal in the IT industry when its subsidiary Ipswitch’s MFT client, MoveIT Transfer, was hacked by the Clop hackers, leading to the compromise of hundreds of companies across various sectors and cumulative financial losses amounting to billions of dollars.

The discovery of CVE-2024-1403 and past notable attacks on Progress Software’s software underscore the importance of timely software updates and the need for vigilance in cybersecurity. Companies and individual users should take all necessary precautions to protect their systems against potential threats and ensure data security.