CVE-2022-31656 VMware Workspace, Access, Identity and vRealize have authentication bypass issues. This could be a huge issue for local users.

CVE-2022-31656 VMware Workspace, Access, Identity and vRealize have authentication bypass issues. This could be a huge issue for local users.

The authentication bypass vulnerability exists in the configuration of the user’s password. In order to exploit this issue, a malicious actor must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.

Vendor Response

The vendor released an advisory and a software patch for the vulnerability.

Vulnerability Description and Mitigation

Adobe has released a patch for this vulnerability and it is now available to all users. The patch fixes the issue by changing the default account password recovery and adding a new, unique password to the user’s account.
Meanwhile, Adobe advises users who have already had their account compromised to reset their passwords immediately or change them from their https://accounts.adobe.com/ website.

Exploit Proof of Concept (PoC)

Exploit Proof of Concept (PoC)
The following proof-of-concept exploits the CVE-2022-31656 vulnerability. It is a web browser exploit that takes advantage of the authentication bypass vulnerability and will install malware on a victim’s machine
Step 1: The attacker must have network access to the UI via a web browser.
Step 2: Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.

Vulnerability Description and Recommendation

The vulnerability exists in the configuration of the user’s password. In order to exploit this issue, a malicious actor must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.  This vulnerability is classified as high impact because if it is successfully exploited by an attacker, they will have full control of your company’s internal networks. There are multiple recommendations for mitigating this vulnerability. A simple mitigation would be updating your system’s password policy to require users to use complex passwords or change their passwords anytime they log into your system from an external device such as a web browser through VPN or Tor access (this prevents brute force attacks). Another mitigation could be restricting or monitoring who has login privileges and what those privileges are so that you can identify any potential attackers. This could be done through Access Control Lists (ACL), which block unauthorized users from accessing certain resources and applications on your system based on their IP address or hostname.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe