The vulnerability of the implementation of the AWS4-HMAC-SHA256 algorithm in the cross-platform FTP server CrushFTP allows a hacker to bypass security restrictions, gain access to the administrator account, and execute arbitrary commands.
The vulnerability of the AWS4-HMAC-SHA256 algorithm implementation in the cross-platform FTP server CrushFTP relates to the bypassing of authentication by using the default crushadmin account. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions, gain access ...