Critical Hardcoded Password Vulnerability in FileCatalyst Workflow Rectified by Fortra

August 28, 2024

Fortra has issued a warning about a severe hardcoded password vulnerability in FileCatalyst Workflow, which could potentially allow unauthorized attackers to infiltrate an internal database, pilfer data, and acquire administrative privileges. This hardcoded password could be exploited by anyone to remotely gain unauthorized access to an exposed FileCatalyst Workflow HyperSQL (HSQLDB) database, potentially giving them access to sensitive information. Moreover, these database credentials could be manipulated to create new admin users, thus enabling attackers to acquire administrative-level access to the FileCatalyst Workflow application and gain full control over the system.

In a security bulletin released recently, Fortra disclosed that this issue, designated as CVE-2024-6633 (CVSS v3.1: 9.8, 'critical'), affects FileCatalyst Workflow 5.1.6 Build 139 and older versions. Users are advised to upgrade to version 5.1.7 or later. Fortra also mentioned in the advisory that HSQLDB is included primarily to aid the installation process and suggested that users implement alternative solutions after installation. The advisory stated, 'The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.'

There are no known mitigations or workarounds for this issue, hence system administrators are urged to apply the available security updates as soon as possible. The vulnerability, CVE-2024-6633, was first discovered by Tenable on July 1, 2024, when they identified the same static password, 'GOSENSGO613,' on all FileCatalyst Workflow deployments. Tenable highlighted that the internal Workflow HSQLDB is remotely accessible via TCP port 4406 on the product's default settings, indicating a significant exposure. Tenable also pointed out that end users cannot change this password through conventional methods, thus upgrading to 5.1.7 or later is the only viable solution.

The high level of access, the simplicity of exploitation, and the potential benefits for cybercriminals exploiting CVE-2024-6633 make this vulnerability particularly perilous for users of FileCatalyst Workflow. Fortra products are constantly targeted by attackers as critical vulnerabilities in them can result in large-scale compromises of multiple high-value corporate networks simultaneously.

Latest News

• Critical Atlassian Confluence Flaw Exploited for Cryptojacking
• Iranian Hackers Collaborate with Ransomware Gangs for Extortion
• APT-C-60 Group Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
• Unprotected LLM Servers Expose Sensitive Corporate and Health Data
• Proof-of-Concept Exploit for Zero-Click Vulnerability Now Accessible to Public