Security researchers at WatchTowr Labs have identified two main attack vectors: one involves using a null-terminated string as a public encryption key to impersonate trusted users, and the other uses SSH public key paths to obtain cryptographic hashes that mask passwords.
Progress Software has released patches for the affected versions and strongly recommends that updates be installed immediately to address these serious security risks. Particularly vulnerable companies have already been warned.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
