back to article That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed

A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln (CVE-2020-3952), details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as …

  1. Macs1000

    It's very unique...

    No it isn't. It's either unique, or it's not.

    1. TeeCee Gold badge

      Re: It's very unique...

      That's something he said with one hand behind his back with its fingers crossed and the other one on a piece of wood.

  2. Mage Silver badge
    Headmaster

    re: very unique

    It's not like Hilbert's Hotel. Either it's unique or not. Or very <something> as well as unique.

    1. RegGuy1 Silver badge

      Re: re: very unique

      Hilbert's Hotel is shit. I stayed there once and had to keep moving rooms.

      1. Reg Reader 1

        Re: re: very unique

        Very interesting and, perhaps, unique.

      2. julian_n

        Re: re: very unique

        So did I - my wife got a bit pregnant there.

        1. Anonymous Coward
          Anonymous Coward

          Re: re: very unique

          Was that linked to the moving rooms?

          Enquiring minds and all that...

          1. julian_n

            Re: re: very unique

            Well the room certainly moved.

  3. Sam Liddicott

    Are these bugs deliberate?

    It's clearly a programmer error - it's not valid to call that function without valid credentials!

    At least that's the sort of response I get when I report bugs.

    I reported today how bash's printf %q format can leave a dangling unused backslash which voids the whole safety benefit of %q

    Apparently it's a programmer error to expect to use %q as advertised.

    It's not safe to use a truncating size specifier with %q e.g. %.8q

    It could be made safe, but why bother for "a programmer error"?

    I don't think these sorts of bugs are deliberate but I know others do.

  4. Anonymous Coward
    Anonymous Coward

    Wow, I am sure it was not a backdoor type thing

    Yeah, it is perfect coincidence that each time some bug is discovered, it is always some kind of bug allow remote access control, and I am mean it is just a perfect coincidence because Oracle/Microsoft/Intel/VMware/AMD will never allow XYZ to put back door into their products.

    Expect a flood of such backddors to come out in the next few months.

    Og my god, NSA is spying us, American heroic companies, please secure my IT against NSA spying.

    Giggling!

    1. Sir Runcible Spoon
      Big Brother

      Re: Wow, I am sure it was not a backdoor type thing

      "Giggling"

      Medication time perhaps?

      1. Anonymous Coward
        Anonymous Coward

        Re: Wow, I am sure it was not a backdoor type thing

        That IS his medication.

    2. chuBb.

      Re: Wow, I am sure it was not a backdoor type thing

      Couldn't be that it's more interesting than your common or garden buffer overflow, or lack of input validation/Web server running with too many privileges... that and it's staggering in the fact it works as long as your network connected

  5. Lorribot

    It is (very?) unique to version 6.7. Something the article studiously or ignorantly fails to mention.

    1. Nate Amsden

      more so seems to only affect 6.7 systems that were upgraded from earlier versions(which is probably many of them, mine included), doesn't affect new installations.

      https://kb.vmware.com/s/article/78543

  6. amanfromMars 1 Silver badge

    What's IT to Be ... Incoming Hostilities or Outrageous Hospitality ‽

    a "malicious actor with network access to port 389 on an affected vmdir deployment may be able to extract highly sensitive information such as administrative account credentials".

    Which further translates in vulnerable circles, are extracting highly sensitive information such as administrative account credentials in the here and now for future vmdir deployments. Past and present instances are of no effective consequence whenever there are proactive malicious actors with special stealthy access to networks.

    Deny it if you don't believe it, however, simply watch, listen and learn how AI and IT easily proves and shows such things to be perfectly true.

    Some think Catastrophic Exploitable Vulnerability, A.N.Others Almighty Useful Facility.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like