SoftNAS vulnerability lets attackers bypass authentication

Researchers have uncovered a vulnerability in the SoftNAS Cloud data storage platform that could be used to gain access to the webadmin interface without valid user credentials. Security technology company Digital Defense found the previously undisclosed vulnerability which arises if customers have not followed SoftNAS deployment best practices and have openly exposed SoftNAS StorageCenter ports directly to the internet. SoftNAS provides a software-defined cloud NAS for AWS, Microsoft Azure and Vmware among others, so it's widely deployed in many businesses. The vulnerability only affects SoftNAS Cloud versions 4.2.0 and 4.2.1. A patch is available for download via Software Update in… [Continue Reading]