Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Mar 11, 2024
Network Security / Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403 , the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It impacts OpenEdge versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. "When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins," the company said in an advisory released late last month. "Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM),...
