Fortra fixes critical FileCatalyst Workflow hardcoded password issue



Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges.

The hardcoded password can be used by anyone to remotely access an exposed FileCatalyst Workflow HyperSQL (HSQLDB) database, gaining unauthorized access to potentially sensitive information.

Additionally, the database credentials can be abused to create new admin users, so attackers can gain administrative-level access to the FileCatalyst Workflow application and take complete control of the system.

In a security bulletin published yesterday, Fortra says that the issue is tracked as CVE-2024-6633 (CVSS v3.1: 9.8, "critical") and impacts FileCatalyst Workflow 5.1.6 Build 139 and older releases. Users are advised to upgrade to version 5.1.7 or later.
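For fleet triage against the version range in the advisory, the following added example (not Fortra's or Tenable's code) parses FileCatalyst Workflow version strings of the form "5.1.6 Build 139" and classifies each host; the inventory data and host names are constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Range taken from the Fortra bulletin for CVE-2024-6633:
# 5.1.6 Build 139 and older are affected; 5.1.7 or later is fixed.
FIXED_VERSION = (5, 1, 7)
LAST_AFFECTED_CORE = (5, 1, 6)
LAST_AFFECTED_BUILD = 139

# Accepts "MAJOR.MINOR.PATCH" with an optional "Build N" suffix (case-insensitive).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+Build\s+(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], Optional[int]]:
    """Return ((major, minor, patch), build) or raise ValueError on an unknown format."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FileCatalyst Workflow version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch)), (int(build) if build is not None else None)


def triage(version_text: str) -> str:
    """Classify a version as 'fixed', 'affected' or 'review'.

    'review' covers 5.1.6 builds newer than 139, which the advisory does not list
    explicitly but which still sit below the 5.1.7 fix; treat them as needing a look.
    A missing build number on 5.1.6 is treated conservatively as affected.
    """
    core, build = parse_version(version_text)
    if core >= FIXED_VERSION:
        return "fixed"
    if core < LAST_AFFECTED_CORE:
        return "affected"
    if build is None or build <= LAST_AFFECTED_BUILD:
        return "affected"
    return "review"


# Constructed sample inventory (hypothetical host names, not real systems).
SAMPLE_INVENTORY: Dict[str, str] = {
    "wf-prod-01": "5.1.6 Build 139",
    "wf-prod-02": "5.1.7",
    "wf-test-01": "5.0.3 Build 11",
}


def hosts_needing_upgrade(inventory: Dict[str, str]) -> Dict[str, str]:
    """Return every host whose version is not already at or past the fixed release."""
    return {host: triage(ver) for host, ver in inventory.items() if triage(ver) != "fixed"}
```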

Fortra noted in the advisory that HSQLDB is included only to facilitate the installation process and recommends that users set up alternative solutions post-installation.

"The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides," reads the bulletin.

"However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB."

There are no mitigations or workarounds, so system administrators are advised to apply the available security update as soon as possible.

Flaw discovery and details

Tenable discovered CVE-2024-6633 on July 1, 2024, when they found the same static password, "GOSENSGO613," on all FileCatalyst Workflow deployments.

Tenable explains that the internal Workflow HSQLDB is remotely accessible via TCP port 4406 under the product's default settings, so the exposure is significant.

"Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user." – Tenable

Tenable notes that end users cannot change this password by conventional means, so upgrading to 5.1.7 or later is the only solution.

The high level of access, ease of exploitation, and potential gains for cybercriminals exploiting CVE-2024-6633 make this flaw extremely dangerous for users of FileCatalyst Workflow.

Fortra products are permanently in the crosshairs of attackers as critical flaws in them can lead to mass-scale compromises of multiple high-value corporate networks at once.
