PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability

A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer.

This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems.

Understanding the Vulnerability(CVE-2024-1403)

The vulnerability arises when the OpenEdge Authentication Gateway (OEAG) or the AdminServer is configured with an OpenEdge Domain that utilizes the OS local authentication provider.

Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

• Interact with malware safely
• Set up virtual machine in Linux and all Windows OS versions
• Work in a team
• Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox:
Analyze malware in ANY.RUN for free

This configuration can lead to unauthorized access during login attempts due to a flaw in the authentication routines.

Specifically, the vulnerability allows authentication success to be incorrectly returned from an OE local domain under certain conditions, such as when unexpected content is present in the credentials passed during the login process.

Affected versions include OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.

The vulnerability has been addressed in the latest updates: OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.

 Community Progress has addressed the issue and has Updates in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1. 

Impact and Affected Components

The vulnerability has a broad impact, potentially affecting various components of the OpenEdge platform, including:

• OpenEdge Database access through OEAG
• AdminServer logins via OpenEdge Explorer (OEE) and OpenEdge Management (OEM)
• Database Servers accepting OEAG-generated tokens
• Secure Token Service Utilities
• Pro2 web application utility for Pro2 management

Ptrace SecurityGmbH recently tweeted about a security vulnerability, CVE-2024-1403, that affects Progress OpenEdge software.

The vulnerability allows for authentication bypass, potentially putting sensitive information at risk.

Mitigation and Upgrade Instructions

A Proof of Concept (PoC) exploit has been made available for a significant vulnerability identified in the OpenEdge Authentication Gateway and AdminServer.

This flaw can potentially be exploited by attackers to gain unauthorized

For users running vulnerable versions of OpenEdge, upgrading to the fixed versions is crucial.

The fixed versions are:

• Vulnerable Version: OpenEdge Release 11.7.18 and earlier

Fixed Version: OpenEdge LTS Update 11.7.19

• Vulnerable Version: OpenEdge Release 12.2.13 and earlier

Fixed Version: OpenEdge LTS Update 12.2.14

• Vulnerable Version: OpenEdge Release 12.8.0

Fixed Version: OpenEdge LTS Update 12.8.1

For those unable to upgrade immediately, temporary mitigation steps include library replacement and domain replacement mitigation for OEAG and AdminServer mitigation strategies, such as using AdminServer Group controls and disabling the AdminService.

The release of the PoC exploit for CVE-2024-1403 underscores the importance of maintaining up-to-date security measures in software systems.

OpenEdge users are urged to review their systems, apply the necessary updates or mitigations, and remain vigilant against potential unauthorized access attempts.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.