Discovery: The FileCatalyst WebApp session management uses a deterministic algorithm for generating sessionID parameters during WebSocket upgrades. By capturing one valid session token and applying a time-based XOR analysis, an attacker can predict active sessions of other users.

Impact: An unauthenticated attacker with network access to the web interface can hijack an administrator’s session, create new transfer nodes, and exfiltrate all files without triggering file-level audit logs because the action originates from a legitimate session.
In today's digital landscape, file transfer and collaboration have become essential components of modern business operations. With the rise of remote work and global teams, organizations are increasingly relying on file transfer solutions to share sensitive information across borders and networks. One popular solution that has gained widespread adoption is FileCatalyst, a fast and reliable file transfer platform used by various industries, including finance, healthcare, and government.
A single bit change. A 01 to a 02.
