Summary
Censys is aware that on February 27, 2024, a critical vulnerability was published affecting OpenEdge’s Authentication Gateway and AdminServer on all platforms, in releases prior to 11.7.19, 12.2.14 and 12.8.1. The flaw allows an authentication bypass through mishandled username/password handling, which can give unauthorized, unauthenticated access to Authentication Gateway and AdminServer assets.
Impact
Since the OpenEdge Authentication Gateway is an identity management tool, an authentication bypass could give an attacker unauthorized access to the stored user information, including user names and passwords (Securityonline). It could additionally allow an attacker to manipulate accounts in order to gain access to the enterprise assets for which OpenEdge manages access.
Affected Assets
According to the NVD, this issue affects all OpenEdge Authentication Gateway and AdminServer platforms prior to 11.7.19, 12.2.14 and 12.8.1, including:
OpenEdge LTS 11.7.18
OpenEdge LTS 12.2.13
OpenEdge LTS 12.8.0
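A small inventory triage script, added here as an example and not part of the Censys advisory or any Progress Software tooling: it compares a recorded OpenEdge version against the fixed releases the advisory names for each LTS branch (11.7.19, 12.2.14, 12.8.1). Versions on branches the advisory does not list are reported as "unknown" rather than safe, on the assumption that, per the vendor's guidance, they still warrant an upgrade to an Active Release; the host names and versions in the sample inventory are constructed.

```python
# Added example, not from the advisory. Flags OpenEdge versions below the
# fixed releases the advisory lists: 11.7.19, 12.2.14 and 12.8.1.
from typing import Dict, Iterable, Tuple

# Fixed release per LTS branch, exactly as stated in the advisory.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (11, 7): (11, 7, 19),
    (12, 2): (12, 2, 14),
    (12, 8): (12, 8, 1),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted version such as '12.2.13' into a comparable int tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable OpenEdge version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Classify one version: 'fixed', 'affected', or 'unknown'.

    'unknown' means the major.minor branch is not in the advisory's list;
    assumption: such hosts still need review, since the vendor recommends
    upgrading to an Active Release regardless of branch.
    """
    v = parse_version(version)
    if len(v) < 2:
        return "unknown"
    fixed = FIXED_BY_BRANCH.get((v[0], v[1]))
    if fixed is None:
        return "unknown"
    # Pad short versions like '12.8' with zeros so tuple comparison is sane.
    padded = (tuple(v) + (0, 0, 0))[:3]
    return "fixed" if padded >= fixed else "affected"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Return {host: verdict} for an inventory of (host, version) pairs."""
    return {host: assess(ver) for host, ver in inventory}


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("oee-01.example.internal", "11.7.18"),
    ("oee-02.example.internal", "12.2.14"),
    ("oem-01.example.internal", "12.8.0"),
    ("oem-02.example.internal", "12.5.1"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Because the advisory notes that exposed instances do not report their version, the version column must come from your own asset inventory rather than from scanning.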
Censys’ Rapid Response Team was able to identify all publicly exposed OpenEdge application servers, OpenEdge Explorer (OEE) web interfaces, and OpenEdge Management (OEM) web interfaces. Note that Censys was unable to obtain version information, because these assets do not expose it in their responses.
Censys Search Queries are shared directly with Censys customers. If you would like to obtain the Censys query to identify global instances related to this issue, or need help, please contact us.
Recommendations for remediation
Recommendations from the vendor, Progress Software, state: “All customers on all OpenEdge releases are recommended to upgrade to the latest OpenEdge version of an Active Release immediately, if possible.”