Critical authentication bypass flaw reported in Perforce Software
Take action: If you are using Perforce Software, make sure the admin interface is isolated from the internet and accessible only from trusted networks. If possible, isolate the entire Perforce deployment from the internet. Then contact Perforce to find out when a patch will be available. Once it is available, update immediately.
Perforce is reporting a critical authentication bypass vulnerability affecting all versions of its software platform, potentially allowing attackers to gain full administrative access to systems without authentication.
Perforce is a software development product company whose flagship product, Helix Core, is a high-performance version control system designed for managing large codebases and digital assets.
The flaw is still awaiting a formal CVE (Common Vulnerabilities and Exposures) identifier. It compromises the core authentication protocol within Perforce software, enabling attackers to bypass security mechanisms and take complete control of administration interfaces.
Perforce describes it as a "severe risk to organizations worldwide". The vulnerability is especially concerning because Perforce is used in the government, defense, and finance sectors.
There is no formal patch, so Perforce has urged users to implement mitigation controls:
- Restrict administrative access to trusted internal networks only
- Monitor network traffic for unusual authentication attempts
- Disable external access to Perforce servers where possible
- Track notifications from Perforce for the release of a patch