[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Unidesk ReportingService Forceful Browsing Vulnerability
- To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Unidesk ReportingService Forceful Browsing Vulnerability
- From: Nathan Power <np@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Mar 2011 13:08:44 -0400
------------------------------------------------------------------
1. Summary:
Unidesk management appliance is prone to a forceful browsing vulnerability
that allows an attacker access to administrator resources.
------------------------------------------------------------------
2. Description:
The "ReportingService" of the web services does not check for session
credentials to access reports about the Virtual Desktop Infrastructure
environment.
These reports provides information such as:
* Applications installed
* CachePoint appliance information
* Desktop names
* Domain usernames
* Operating systems installed
An attacker may gain access to the reports by directly pointing to the
following URL:
/Uni.Web/Reporting/Default.aspx
------------------------------------------------------------------
3. Impact:
This issue can be exploited to access sensitive information that may lead to
further attacks.
------------------------------------------------------------------
4. Affected Products:
Unidesk Management Console version 1.3 and prior.
------------------------------------------------------------------
5. Solution: Upgrade to version 1.4
------------------------------------------------------------------
6. Time Table:
3/17/2011 Reported Vulnerability to the Vendor
3/25/2011 Vendor Acknowledge Vulnerability, fix will be addressed in the 1.4
release
------------------------------------------------------------------
7. Credits:
Discovered by Nathan Power
www.securitypentest.com
------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/