
Warning: Critical Authentication Bypass in Progress OpenEdge Authentication Gateway and AdminServer, Patch Immediately!

Reference: 
Advisory #2024-34
Version: 
2.0
Affected software: 
Progress OpenEdge Release 11.7.18 and earlier
Progress OpenEdge Release 12.2.13 and earlier
Progress OpenEdge Release 12.8.0
Type: 
Authentication bypass
CVE/CVSS: 
CVE-2024-1403: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer

Risks

When OpenEdge is configured with OS local authentication, a vulnerability in the authentication routines allows an attempted login to succeed without valid credentials. Exploitation of this vulnerability may lead to unauthorized access, and the access gained may allow a malicious actor to compromise your organization.

Update 2024/03/13: A Proof of Concept (PoC) for an exploit for this vulnerability has been released. This significantly increases the likelihood of exploitation of this vulnerability by malicious actors.

Description

Two components are affected by this vulnerability: the OpenEdge Authentication Gateway (OEAG) when it is configured with OS local authentication, and the AdminServer when a connection to it is made by OpenEdge Explorer (OEE) or OpenEdge Management (OEM). Progress notes: "The AdminServer logins are always potentially vulnerable because they only support OS local logins."

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates on affected OpenEdge installations with the highest priority, after thorough testing.

Fixed versions:

  • OpenEdge LTS Update 11.7.19 
  • OpenEdge LTS Update 12.2.14 
  • OpenEdge LTS Update 12.8.1 
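As an added check that is not part of the CCB advisory or of Progress's own tooling: the script below classifies an installation's version string against the affected and fixed versions listed above. It assumes the version string has already been read from the installation (for example from the file $DLC/version, whose exact format is assumed here), and it deliberately returns "unknown" rather than "safe" for any release branch the advisory does not list, since the advisory only covers 11.7, 12.2 and 12.8.

```python
import re
from typing import Dict, List, Optional, Tuple

# Branch -> first fixed update, taken from the advisory:
#   11.7.18 and earlier affected, 11.7.19 fixed
#   12.2.13 and earlier affected, 12.2.14 fixed
#   12.8.0 affected,              12.8.1 fixed
FIRST_FIXED_UPDATE: Dict[Tuple[int, int], int] = {
    (11, 7): 19,
    (12, 2): 14,
    (12, 8): 1,
}

# Matches "major.minor" with an optional ".update" anywhere in the string.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, update) from a version string.

    The input format is an assumption: something like
    'OpenEdge Release 12.2.13 as of ...' or a bare '12.8'.
    A missing update number is treated as update 0 (e.g. 12.8 -> 12.8.0).
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, update = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(update)


def assess(text: str) -> Optional[bool]:
    """Classify one version string for CVE-2024-1403.

    Returns True  if the version is in the affected range,
            False if it is at or above the first fixed update of its branch,
            None  if the branch is not covered by the advisory (do NOT treat
                  None as safe; confirm the status with Progress instead).
    """
    major, minor, update = parse_version(text)
    first_fixed = FIRST_FIXED_UPDATE.get((major, minor))
    if first_fixed is None:
        return None
    return update < first_fixed


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by status so the affected ones can be patched first.

    inventory maps a host name to the version string read from that host.
    """
    buckets: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        status = assess(version_text)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or real readings.
    sample = {
        "oeag-prod-01": "OpenEdge Release 12.2.13 as of Mon Jan 15 2024",
        "oeag-prod-02": "OpenEdge Release 12.2.14 as of Fri Mar 08 2024",
        "adminserver-legacy": "OpenEdge Release 11.7.18",
        "adminserver-new": "OpenEdge Release 12.8",
        "dev-box": "OpenEdge Release 12.5.1",
    }
    for status, hosts in triage(sample).items():
        print(f"{status:9s}: {', '.join(hosts) or '-'}")
```

Run it against the version strings collected from each OEAG and AdminServer host; everything in the "affected" bucket needs one of the fixed LTS updates above, and everything in "unknown" needs a manual check against Progress's advisory before it is considered safe.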

A temporary mitigation is possible with the steps provided in the advisory from Progress.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

Patching to a fixed version prevents future exploitation, but it does not remediate a compromise that has already taken place. Systems that were reachable while running an affected version, in particular after the public release of the proof of concept, should be reviewed for signs of prior unauthorized access.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-1403