SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware ESXi Vendors:   VMware
VMware ESX Server URL-Based Password Change Function May Let Remote Users Change a Target User's Password in Certain Cases
SecurityTracker Alert ID:  1016612
SecurityTracker URL:  http://securitytracker.com/id/1016612
CVE Reference:   CVE-2005-3618   (Links to External Site)
Date:  Jul 31 2006
Impact:   Modification of authentication information, Modification of user information

Version(s): prior to 2.5.3 upgrade patch 2, 2.1.3 upgrade patch 1, and 2.0.2 upgrade patch 1
Description:   A vulnerability was reported in VMware ESX Server. A remote user may be able to set arbitrary passwords for users.

In certain cases, a remote user can create a specially crafted URL that, when loaded by the target authenticated user, will cause the target user's password to be changed.

A demonstration exploit URL is of the following form:

https://[target]/sx-users?op=setUsr&ag=&rg=&nm=root&hd=%2Froot&pw=test&pwc=test&grpSlct=

Stephen de Vries of Corsair discovered this vulnerability.

The vendor was notified on November 15, 2005.

Impact:   A remote user can create a URL that, when loaded by the target user, will execute functions on behalf of the target user. This can be exploited, for example, to change a target user's password.
Solution:   The vendor has issued a fixed version.
Vendor URL:  www.vmware.com/ (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC