VMware likes service providers so much it gave them their own bug to fix!


VMware has warned of a bug that only impacts service providers.

The flaw is present in vCloud Director, the tool VMware offers to its partners “to operate and manage successful cloud-service businesses”. vCloud Director makes that possible by facilitating creation of virtual data centres for a service provider’s clients.

But as security advisory VMSA-2019-0004 warns, the product contains “a Remote Session Hijack vulnerability in the Tenant and Provider Portals”.

And it's a bad one: “Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.”

Accessing the Partner Portal sounds terrifying, given that vCloud Director lets a service provider define a client’s entire private cloud.

Fortunately, the problem only impacts version 9.5.x of the tool, and VMware has released version 9.5.0.3 to fix it. But that still leaves service providers with an upgrade to do.

Which is why CRN has written this story on Saturday morning – an act of solidarity with readers who lose a slice of their weekends hack-proofing their VMware infrastructure!

 

Copyright © CRN Australia. All rights reserved.