It's very unique...
No it isn't. It's either unique, or it's not.
A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln (CVE-2020-3952), details of which were quite spare when VMware issued a patch last week, was rated by VMware itself as …
It's clearly a programmer error - it's not valid to call that function without valid credentials!
At least that's the sort of response I get when I report bugs.
I reported today how bash's printf %q format can leave a dangling unused backslash, which voids the whole safety benefit of %q.
Apparently it's a programmer error to expect to use %q as advertised.
It's not safe to use a truncating size specifier with %q, e.g. %.8q.
It could be made safe, but why bother for "a programmer error"?
I don't think these sorts of bugs are deliberate but I know others do.
Yeah, it is a perfect coincidence that each time some bug is discovered, it is always some kind of bug allowing remote access control, and I mean it is just a perfect coincidence because Oracle/Microsoft/Intel/VMware/AMD will never allow XYZ to put a back door into their products.
Expect a flood of such backdoors to come out in the next few months.
Oh my god, the NSA is spying on us, American heroic companies, please secure my IT against NSA spying.
a "malicious actor with network access to port 389 on an affected vmdir deployment may be able to extract highly sensitive information such as administrative account credentials".
Which further translates in vulnerable circles, are extracting highly sensitive information such as administrative account credentials in the here and now for future vmdir deployments. Past and present instances are of no effective consequence whenever there are proactive malicious actors with special stealthy access to networks.
Deny it if you don't believe it, however, simply watch, listen and learn how AI and IT easily proves and shows such things to be perfectly true.
Some think Catastrophic Exploitable Vulnerability, A.N.Others Almighty Useful Facility.