CVE-2024-7745 in WS_FTP Server

Summary

by MITRE • 08/28/2024

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

Analysis

by VulDB Data Team • 09/04/2024

CVE-2024-7745 affects WS_FTP Server versions prior to 8.8.8, specifically the multi-factor authentication implementation of the Web Transfer Module. It is a critical security flaw that undermines the intended security posture of the system: the second-factor authentication mechanism can be bypassed, allowing unauthorized access. The flaw resides in the authentication flow, where the system fails to enforce the mandatory second step of the multi-factor authentication process, so an attacker can gain access using only basic credentials.

The technical flaw manifests as a missing critical step in the authentication sequence where the system does not adequately validate or enforce the second-factor verification component. This allows an attacker to manipulate the authentication flow by skipping the second-factor check entirely, effectively reducing the security from multi-factor to single-factor authentication. The vulnerability is particularly concerning because it occurs within the web transfer module, which is likely a critical component for file transfer operations and remote access capabilities. This flaw directly violates the principle of least privilege and authentication security by permitting unauthorized access through a simplified authentication path.

The operational impact of this vulnerability is significant as it allows potential attackers to bypass the intended security controls that protect against unauthorized access to the file transfer server. An attacker who can successfully exploit this vulnerability gains access to the system using only a username and password, without the additional security layer that should be enforced. This creates a substantial risk for organizations that rely on WS_FTP Server for sensitive file transfers, as it essentially removes the multi-factor authentication protection that was designed to prevent unauthorized access. The vulnerability could enable data exfiltration, system compromise, or unauthorized file manipulation depending on the access levels granted to the compromised accounts.

Organizations should immediately update their WS_FTP Server installations to version 8.8.8 or later to remediate this vulnerability. The fix addresses the missing critical step in the multi-factor authentication process by ensuring that the second-factor verification is properly enforced and cannot be bypassed. Security teams should also review authentication logs for any suspicious activity that may have occurred during the vulnerability window and implement additional monitoring for authentication attempts that bypass expected security controls. This vulnerability aligns with CWE-305, which addresses authentication failures, and represents a specific instance of improper authentication where the system fails to properly validate all required authentication factors. The mitigation strategy should include immediate patch deployment, comprehensive security assessment of the affected system, and implementation of additional monitoring controls to detect potential exploitation attempts.
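
The enforcement described above, modelled as a generic two-step login with the flawed session check beside the enforced one. This is an added example, not WS_FTP Server code or anything published by Progress Software; the page does not describe the product's internals, so the account table, static codes and all function names are hypothetical.

```python
# Added illustration: generic two-step login model, not WS_FTP Server code.
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed accounts (hypothetical): user -> (password, enrolled code or None).
# A static code stands in for a real TOTP/push verification.
USERS = {"alice": ("pw-alice", "492816"), "bob": ("pw-bob", None)}

@dataclass
class Session:
    user: Optional[str] = None
    steps_done: set = field(default_factory=set)

def required_steps(user):
    """Steps an account must complete; the second factor is mandatory once enrolled."""
    return {"password", "otp"} if USERS[user][1] is not None else {"password"}

def submit_password(s, user, password):
    rec = USERS.get(user)
    if rec and hmac.compare_digest(rec[0], password):
        s.user, s.steps_done = user, {"password"}  # reset any earlier progress
        return True
    return False

def submit_otp(s, code):
    # Step two is only accepted on a session that already passed step one.
    if s.user is None or "password" not in s.steps_done:
        return False
    expected = USERS[s.user][1]
    if expected is not None and hmac.compare_digest(expected, code):
        s.steps_done.add("otp")
        return True
    return False

def authorized_flawed(s):
    """Missing critical step: a verified password alone counts as logged in."""
    return s.user is not None

def authorized_enforced(s):
    """Run on every protected request: all required steps must be complete."""
    return s.user is not None and required_steps(s.user) <= s.steps_done

def demo():
    s = Session()
    submit_password(s, "alice", "pw-alice")  # second step never submitted
    skipped = (authorized_flawed(s), authorized_enforced(s))
    submit_otp(s, "492816")
    return skipped, authorized_enforced(s)
```

The point of the enforced check is that it lives in the gate for protected requests, not in the login page sequence, so a client that never visits the second-factor step still fails it.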

Responsible: ProgressSoftware

Reservation: 08/13/2024

Disclosure: 08/28/2024

Moderation: accepted

CPE: ready

EPSS: 0.00365

KEV: no

Activities: very low
