Severe authentication bypass vulnerability discovered in Perforce software

A critical authentication bypass vulnerability has been identified in Perforce software, potentially allowing attackers to gain full administrative control of affected systems without authentication, reports DevOps.

The flaw, which impacts all versions of the platform, compromises Perforce’s core authentication protocol, posing significant risks to organizations in government, defense, and finance sectors. If exploited, attackers could execute administrative commands, manipulate data, escalate privileges, deploy malware, and maintain persistent access to sensitive systems.

Perforce has yet to release an official patch but has advised users to implement security measures such as restricting administrative access to internal networks, monitoring network activity, updating firewall rules, auditing logs, and disabling external access where possible.

Security experts have stressed the urgency of addressing this flaw, given its potential to undermine software integrity and expose critical infrastructure. Organizations using Perforce products must act immediately to mitigate risks while awaiting an official fix.

The company has reported the issue to global security databases and expects to assign a Common Vulnerabilities and Exposures identifier soon.