module
VMware vCenter Server vmdir Authentication Bypass
| Disclosed |
|---|
| Apr 9, 2020 |
Disclosed
Apr 9, 2020
Description
This module bypasses LDAP authentication in VMware vCenter Server's
vmdir service to add an arbitrary administrator user. Version 6.7
prior to the 6.7U3f update is vulnerable, only if upgraded from a
previous release line, such as 6.0 or 6.5.
Note that it is also possible to provide a bind username and password
to authenticate if the target is not vulnerable. It will add an
arbitrary administrator user the same way.
vmdir service to add an arbitrary administrator user. Version 6.7
prior to the 6.7U3f update is vulnerable, only if upgraded from a
previous release line, such as 6.0 or 6.5.
Note that it is also possible to provide a bind username and password
to authenticate if the target is not vulnerable. It will add an
arbitrary administrator user the same way.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.