San Antonio, TX – March 20, 2019 – Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in the SoftNAS Cloud® data storage platform. If customers have not followed SoftNAS deployment best practices and have openly exposed SoftNAS StorageCenter® ports directly to the internet, SoftNAS Cloud Enterprise 4.2.0 is vulnerable to an authentication bypass that could be leveraged to gain access to the webadmin interface without valid user credentials. The vulnerability potentially allows an attacker to create new users or execute arbitrary commands with administrative privileges, compromising both the platform and data. The vulnerability is not present on SoftNAS Cloud versions prior to 4.2 and is fixed in versions 4.2.2 and later.
What You Can Do
Information regarding the security fix can be obtained through the SoftNAS release notes.
Details of the vulnerability can be found on the Digital Defense blog.
Tom DeSot, EVP/Chief Information Officer at Digital Defense, said, “SoftNAS has worked closely with our VRT to ensure a fix is available to organizations utilizing the affected platform. The SoftNAS team was extremely collaborative and diligent in their rapid response to the identification of the issue, resulting in a quick resolution.”
“We’re grateful to have partnered with the Digital Defense VRT to strengthen the security of SoftNAS Cloud. The protection and security of customer data is not only of the utmost importance to the SoftNAS team but is also integral to SoftNAS’ core business mission and vision,” said Rick Braddy, SoftNAS Co-Founder and CTO.
Digital Defense Research Methodology and Practices
The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next-generation hybrid SaaS Security platform, Frontline.Cloud, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.
About Digital Defense
Serving clients across numerous industries, Digital Defense’s innovative and leading-edge technology helps organizations safeguard sensitive data and eases the burdens associated with information security. Frontline.Cloud, the original Security SaaS platform, delivers unparalleled accuracy and efficiencies through multiple systems including Frontline Vulnerability Manager (Frontline VM™), Frontline Web Application Scanning (Frontline WAS™), Frontline Active Threat Sweep™ (Frontline ATS™) and Frontline Pen Test™, while SecurED®, the company’s security awareness training, promotes employees’ security-minded behavior. The Digital Defense Frontline suite of products, underpinned by patented technology and complemented with superior service and support, is highly regarded by industry experts, as illustrated by the company’s designation as 2018 Global Vulnerability Management Customer Value Leadership Award, #10 ranking in Black Book Market Research’s list of Compliance & Risk Management Solutions, five-star review in SC Magazine, and inclusion in CRN’s MSP 500.
SoftNAS®, Inc. has pioneered cloud data control and management with its SoftNAS Cloud data platform. SoftNAS began six years ago as the global leader in software-defined Cloud NAS and has since matured into an enterprise software company. The SoftNAS Cloud data platform provides customers a unified and integrated way to aggregate, transform, accelerate, protect and store data and to easily create cloud storage solutions that bridge islands of data across SaaS, legacy systems, remote offices, factories, IoT, analytics, AI and machine learning, web services, SQL, NoSQL and the cloud – any kind of data. SoftNAS works with the most popular public, private, hybrid and premises-based virtual cloud operating systems, including Amazon Web Services, Microsoft Azure and VMware vSphere.