Critical Authentication Bypass Found in Open Automation Software Platform – Update Now!

CVECVE-2023-34998
CVSScvssV3_1: 8.1
SourceCVE-2023-34998

Open Automation Software (OAS) Platform has a vulnerability that allows hackers to bypass authentication. The OAS Engine, which is part of the platform, fails to properly validate network requests.

Cybercriminals can craft a special sequence of requests to trigger the flaw without providing valid login credentials. This gives them full access to the system like a legitimate user. They just need to monitor network traffic going to the OAS server to find the right requests.

The vulnerability has been given a CVSS score of 8.1, which means it is considered highly critical. An attacker can exploit it remotely without any user interaction. They don’t need physical access or to trick users into installing malware.

If you use the OAS Platform, you should immediately apply the latest software updates provided by the vendor. Updating will fix the authentication bypass vulnerability. You should also enable strong passwords and multi-factor authentication if available to add an extra layer of security.

Regularly checking for and installing security updates is one of the best ways to protect yourself from cyber threats. Stay vigilant and keep your software up-to-date to avoid becoming another victim of hacking.

References