CVE-2024-5732

7.3 HIGH

📋 TL;DR

This critical vulnerability in Clash for Windows allows remote attackers to bypass authentication on the proxy port component. Attackers can potentially gain unauthorized access to proxy configurations or intercept traffic. Users running Clash for Windows up to version 0.20.1 are affected.

💻 Affected Systems

Products:
  • Clash for Windows
Versions: up to 0.20.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the proxy port component specifically; all Windows installations up to 0.20.1 are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote attacker gains full control of proxy settings, intercepts all traffic, or uses the system as a proxy for malicious activities.
🟠 Likely Case: Unauthorized access to proxy configurations leading to traffic interception or redirection.
🟢 If Mitigated: Limited impact with proper network segmentation and authentication controls in place.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication.
🏢 Internal Only: MEDIUM - Still vulnerable to internal network attacks but reduced external exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and appears to be straightforward to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in CVE data

Restart Required: No

Instructions:

No official patch available. Follow workarounds and monitor for updates from Clash developers.

🔧 Temporary Workarounds

Change Proxy Port Configuration (Windows)

Edit the Clash configuration file so that the proxy port requires authentication.

Network Segmentation (Windows)

Restrict access to the Clash proxy port using firewall rules:

netsh advfirewall firewall add rule name="Block Clash Proxy" dir=in action=block protocol=TCP localport=[YOUR_CLASH_PORT]

🧯 If You Can't Patch

  • Disable or restrict the proxy port component entirely in Clash configuration
  • Implement network-level controls to limit access to the Clash proxy port

🔍 How to Verify

Check if Vulnerable:

Check Clash for Windows version in application settings or About section. If version is 0.20.1 or earlier, you are vulnerable.

Check Version:

Check Clash GUI → Settings → About for version information

Verify Fix Applied:

Verify configuration changes by testing proxy port access with authentication requirements.
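
One way to check exposure from the host itself, as an added example that is not from the Clash project or the CVE record: it reports which addresses the proxy port is bound to, whether an enabled inbound block rule covers it, and which non-loopback peers are connected. The -Port parameter is an assumption you supply from your own Clash profile, and the firewall match is by exact port number only.

```powershell
# Added example, not vendor code. -Port is the proxy port from your own Clash
# profile (the advisory leaves it as [YOUR_CLASH_PORT]).
param(
    [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port
)

$loopback = '^(127\.|::1$)'   # IPv4 and IPv6 loopback addresses

# 1. Which addresses is the port bound to? Anything beyond loopback is
#    reachable from the network unless a firewall rule stops it.
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) {
    Write-Output "No listener on TCP/$Port."
    return
}
$listeners | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        Process      = $proc.ProcessName
        LoopbackOnly = $_.LocalAddress -match $loopback
    }
} | Format-Table -AutoSize

# 2. Is there an enabled inbound block rule for exactly this TCP port?
#    (Rules written as a port range or "Any" are not matched here.)
$blockRules = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'TCP' -and @($f.LocalPort) -contains "$Port"
    })
Write-Output ("Inbound block rules for TCP/{0}: {1}" -f $Port, $blockRules.Count)
$blockRules | Select-Object DisplayName, Profile | Format-Table -AutoSize

# 3. Who is connected right now? Non-loopback peers are the connections
#    to investigate as possibly unauthorized.
$remote = @(Get-NetTCPConnection -State Established -LocalPort $Port -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch $loopback })
$remote | Select-Object RemoteAddress, RemotePort, OwningProcess | Format-Table -AutoSize

$exposed = @($listeners | Where-Object { $_.LocalAddress -notmatch $loopback })
if ($exposed.Count -gt 0 -and $blockRules.Count -eq 0) {
    Write-Warning "TCP/$Port is bound beyond loopback and no inbound block rule matches it."
} elseif ($remote.Count -gt 0) {
    Write-Warning "$($remote.Count) non-loopback peer(s) are connected to TCP/$Port."
} else {
    Write-Output "No exposure of TCP/$Port found by these checks."
}
```

Enumerating port filters rule by rule can take a while on hosts with many firewall rules.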

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to proxy port
  • Configuration changes without authentication

Network Indicators:

  • Unexpected traffic to/from Clash proxy port
  • Proxy connections from unauthorized sources

SIEM Query:

source_port:[CLASH_PROXY_PORT] AND (NOT user:[AUTHENTICATED_USER])
