VMware likes service providers so much it gave them their own bug to fix!

By on
VMware likes service providers so much it gave them their own bug to fix!

VMware has warned of a bug that only impacts service providers.

The flaw is present in vCloud Director, the tool VMware offers to its partners “to operate and manage successful cloud-service businesses”. vCloud Director makes that possible by facilitating creation of virtual data centres for a service provider’s clients.

But as security advisory VMSA-2019-0004 warns, the product contains “a Remote Session Hijack vulnerability in the Tenant and Provider Portals.

And it's a bad one: “Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.”

Accessing the Partner Portal sounds terrifying, given that vCloud Director lets a service provider define a client’s entire private cloud.

Fortunately, the problem only impacts version 9.5.x of the tool, and VMware has released version 9.5.0.3 to fix it. But that still leaves service providers with an upgrade to do.

Which is why CRN has written this story on Saturday morning – an act of solidarity with readers who lose a slice of their weekends hack-proofing their VMware infrastructure!

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What's the impact of the Easter/Anzac Day/School holiday super-weekend?
An unwelcome slow period to compare with Christmas/New Year period
No worse than Easter every year
10 days off with 3 days leave will refresh the team
Stop talking and pass the chocolate
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?