top of page

Fortra GoAnywhere MFT Critical Authentication Bypass (CVE-2024-0204)

Application Details

Fortra GoAnywhere Managed File Transfer (MFT) technology enables modern businesses to secure and automate file sharing, collaborate with external parties and seamlessly integrate with cloud environments.


Fortra GoAnywhere MFT could allow a remote attacker to bypass security restrictions, caused by improper authorisation validation by the administration portal.


By sending a specially crafted request, an attacker could exploit this vulnerability to create an admin user.

GET /goanywhere/images/..;/wizard/InitialAccountSetup.xhtml


By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticate user to create an admin user via the administration portal.


Idappcom has created signature 8024565 along with a traffic file for this vulnerability.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page