VMware likes service providers so much it gave them their own bug to fix!

By on
VMware likes service providers so much it gave them their own bug to fix!

VMware has warned of a bug that only impacts service providers.

The flaw is present in vCloud Director, the tool VMware offers to its partners “to operate and manage successful cloud-service businesses”. vCloud Director makes that possible by facilitating creation of virtual data centres for a service provider’s clients.

But as security advisory VMSA-2019-0004 warns, the product contains “a Remote Session Hijack vulnerability in the Tenant and Provider Portals.

And it's a bad one: “Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.”

Accessing the Partner Portal sounds terrifying, given that vCloud Director lets a service provider define a client’s entire private cloud.

Fortunately, the problem only impacts version 9.5.x of the tool, and VMware has released version 9.5.0.3 to fix it. But that still leaves service providers with an upgrade to do.

Which is why CRN has written this story on Saturday morning – an act of solidarity with readers who lose a slice of their weekends hack-proofing their VMware infrastructure!

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What's the hottest sales opportunity in H2 2019?
Business voice thanks to ISDN switchoff and/or NBN arrival
PCs thanks to Windows 7 end of life
Next-generation networks - WiFi 6, 5G, very fast Ethernet
The Internet of Things
Anything cloud or SaaS
Anything AI
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?