
Summary
This detection rule identifies attempts to authenticate with an empty public key fingerprint in Progress MOVEit Transfer, which may indicate exploitation of the CVE-2024-5806 vulnerability. Such attempts are characteristic of an authentication bypass technique that allows attackers to impersonate valid users without providing real credentials. Sporadic authentication attempts with empty key fingerprints may occur due to misconfigurations, but an increase in such attempts, especially from unexpected sources, can indicate malicious activity. The analytic helps security teams monitor for and investigate suspicious activity related to this specific vulnerability on systems vulnerable to this attack vector.
Categories
- Web
- Endpoint
Data Sources
- Logon Session
- Application Log
ATT&CK Techniques
- T1190
Created: 2024-11-13