CVE-2023-34060: VMware’s Cloud Director Hit by Major Authentication Flaw
A critical authentication bypass vulnerability has been discovered in VMware Cloud Director Appliance (VCD Appliance) that affects version 10.5 which was upgraded from an older version. This vulnerability, CVE-2023-34060, allows a malicious actor with network access to the appliance to bypass login restrictions and gain unauthorized access to the system.
This vulnerability only affects VCD Appliance 10.5 which was upgraded from an older version. New installations of VCD Appliance 10.5 are not affected, nor are Linux deployments or other appliances.
The authentication bypass is present on port 22 (ssh) and port 5480 (appliance management console). It is not present on port 443 (VCD provider and tenant login).
“On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console),” VMware explains.
“This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.”
While VMWare has yet to release a patch for this vulnerability, a temporary workaround has been provided. The workaround involves downloading a custom script and running it on cells vulnerable to the CVE-2023-34060. The workaround does not cause any functional disruptions.
VMWare is working on a patch for this vulnerability and is expected to release it soon. In the meantime, administrators should apply the workaround as soon as possible.