CVE-2022-22972 VMware Workspace, Access, Identity and vRealize have authentication bypass issues. This could be a huge issue for local users.

CVE-2022-22972 VMware Workspace, Access, Identity and vRealize have authentication bypass issues. This could be a huge issue for local users.

The authentication bypass vulnerability exists in the configuration of the user’s password. In order to exploit this issue, a malicious actor must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.

Vulnerability details

In order to exploit this issue, malicious actors must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.
To prevent this vulnerability from happening in your organization, you should check for known vulnerabilities in software updates provided by your vendor and review your security settings for use on apps that are not part of your company’s infrastructure. If you cannot update your software due to issues such as compatibility or if it is not allowed to update on user computers, you should also ensure that no privileged tasks are exposed by requiring authentication for all users after they log in.

Vulnerability Description and Exploitation Technique

This vulnerability results in a system-wide authentication bypass. It is present in the configuration of the user’s password, and can be exploited via the use of a web browser. This vulnerability has been found to exist not just within this particular application, but it has also been found across an array of applications that follow the same process to facilitate logins and passwords when using HTTP basic authentication. This issue can result in unauthorized database access, remote file access, email access, and any other task assigned to another user with the same organization.

Users’ Password in Login Page of UI

In order to exploit this issue, attackers must gain network access to the UI’s login page. This vulnerability exists due to the configuration of passwords on the login page. In order for a malicious actor to exploit this vulnerability, they must have access to a web browser and be able to execute JavaScript. They also need to know the URL of the login page in order for them to use the attack.
The attacker must use JavaScript or HTML in order for them to exploit this vulnerability. The attacker would then log into their own account as if they were another user with an organization. By logging into another user’s account, attackers can assume that user’s privileges and assets.

CVE-2022-22973

The authentication bypass vulnerability exists in the configuration of the user’s password. In order to exploit this issue, a malicious actor must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe