Cairo, Egypt – January 24, 2024 – Spark Professional Services is proud to announce that its cybersecurity experts, Mohammed Eldeeb and Islam Elrfai, have been officially credited for discovering a critical security flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) solution — a vulnerability that could allow unauthorized users to create new administrator accounts.
The issue, identified as CVE-2024-0204 with a CVSS score of 9.8, was responsibly reported by Spark’s research team in December 2023. The discovery was acknowledged by Fortra in its public advisory issued on January 22, 2024, and has since been featured by major cybersecurity outlets, including The Hacker News.
This vulnerability, described as an authentication bypass in affected GoAnywhere MFT versions prior to 7.4.1, could potentially grant attackers administrative privileges through the product’s setup endpoint. Spark’s proactive research and responsible disclosure enabled Fortra to release a security patch and provide mitigation steps to global users.
“At Spark, our mission is to strengthen the global cybersecurity ecosystem through proactive threat research and responsible disclosure,” said Mohammed Eldeeb, Security Research Lead at Spark Professional Services. “Discoveries like this reaffirm our commitment to securing digital infrastructure worldwide.”
This recognition marks another milestone in Spark’s ongoing contributions to the advancement of global cybersecurity. The company continues to collaborate with international vendors and research communities to identify and mitigate vulnerabilities before they can be exploited in the wild.
About Spark Professional Services
Spark Professional Services is a leading cybersecurity firm specializing in offensive security, threat intelligence, and digital risk protection. Headquartered in Cairo, Spark empowers organizations across the Middle East and beyond to strengthen their security posture through expert-led consulting, advanced research, and tailored cybersecurity solutions.
Media Contact
Spark Professional Services – Communications Team
📧 info@sparkps.com
🌐 www.sparkps.com