25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Patch Fortra GoAnywhere Now: Exploit Code Released for Critical Flaw

Posted By on Jan 24, 2024

Fortra has disclosed and patched a critical vulnerability in its GoAnywhere Managed File Transfer (MFT) solution. The vulnerability – CVE-2024-0204 – is an authentication bypass bug due to a path traversal weakness. If exploited, an unauthenticated user can create a new admin user via the administration portal and remotely take control of the customer’s environment and gain access to their network. The vulnerability has a CVSS severity score of 9.8 out of 10.

Fortra explained in its security advisory that the vulnerability affects all versions of GoANywhere MFT prior to 7.4.1. All users of the file transfer solution should ensure they update to version 7.4.1 as soon as possible. If it is not possible to immediately upgrade, Fortra has suggested temporary workarounds.

For non-container deployments, users should delete the InitialAccountSetup.xhtml file in the install directory and restart the services. For container deployments, the InitialAccountSetup.xhtml file should be deleted and replaced with an empty file, followed by a restart.

Managed file transfer solutions are attractive targets for hackers. Last year, the Clop ransomware group exploited a vulnerability in Fortra’s GoAnywhere MFT – CVE-2023-0669 – and attacked 129 of the company’s clients, including several healthcare organizations. Exploitation of the flaw is likely and according to Searchlight Cyber threat intelligence engineer, John Honey, a proof-of-concept exploit for the vulnerability is being circulated on at least one Telegram channel.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

After upgrading to version 7.4.1 or implementing the workaround, an audit should be conducted to see if any new admin users have been added to the admin users group in the GoAnywhere administrator portal Users -> Admin Users section. The cybersecurity firm Horizon3 also recommends checking the logs for the database -\GoAnywhere\userdata\database\goanywhere\log\*.log. – as they include the transactional history of the database and will contain entries if new admin users have been added.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist