. home.aspx



SoftNAS Cloud Vulnerability Could Allow Hackers to Bypass Authentication

March 20, 2019 / Jessica Lyons Hardcastle

A vulnerability in SoftNAS Cloud data storage platform could allows attackers to bypass authentication and gain access to a company’s web-admin interface without valid credentials. Security vendor Digital Defense disclosed the flaw in a blog post today, and said SoftNAS worked with its Vulnerability Research Team to issue a fix. SoftNAS isn’t aware of any customer attacks resulting from the vulnerability. It’s “impossible” to know how many customers were exposed, said Jeff Russo, SoftNAS senior vice president of products. “However, the potential vulnerability could only have potentially affected a small portion of the customer base as it only existed in versions 4.2.0 and 4.2.1, which was only available for two months,” he added. “And again, only customers who did not set up their environment according to SoftNAS best practices were exposed. We stress that customers always maintain the most recent software version and to follow recommende...