Unidesk ReportingService Forceful Browsing Vulnerability

2011-03-29T00:00:00
ID SECURITYVULNS:DOC:26020
Type securityvulns
Reporter Securityvulns
Modified 2011-03-29T00:00:00

Description


  1. Summary:

Unidesk management appliance is prone to a forceful browsing vulnerability that allows an attacker access to administrator resources.


  2. Description:

The "ReportingService" web service does not check for session credentials before serving reports about the Virtual Desktop Infrastructure environment.

These reports provide information such as:

* Applications installed
* CachePoint appliance information
* Desktop names
* Domain usernames
* Operating systems installed

An attacker may gain access to the reports by directly pointing to the following URL:

/Uni.Web/Reporting/Default.aspx
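Because the reporting page serves its content without a session check, the only trace of forceful browsing is a successful request to that path from a client that never presented a session. The following added example (not part of the advisory or of Unidesk's code) scans IIS W3C logs for that pattern; it assumes the cs-username, cs(Cookie) and sc-status fields are logged, that an authenticated console session carries the ASP.NET default cookie ASP.NET_SessionId (an assumption about the appliance), and the log lines themselves are constructed.

```python
"""Flag report requests to the Unidesk console that carried no session.

Added example for the advisory above; the log sample is constructed and the
session cookie name is an assumption (the ASP.NET default, ASP.NET_SessionId).
"""
from typing import Iterator

REPORTING_PREFIX = "/uni.web/reporting/"  # path from the advisory, lower-cased for matching
SESSION_COOKIE = "ASP.NET_SessionId"     # assumed session cookie name

# Constructed sample log in W3C extended format with a #Fields directive.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-username cs(Cookie)
2011-03-20 10:01:02 10.0.0.5 GET /Uni.Web/Default.aspx 200 - ASP.NET_SessionId=abc123
2011-03-20 10:01:09 10.0.0.5 GET /Uni.Web/Reporting/Default.aspx 200 - ASP.NET_SessionId=abc123
2011-03-20 10:04:31 198.51.100.7 GET /Uni.Web/Reporting/Default.aspx 200 - -
2011-03-20 10:04:40 198.51.100.7 GET /Uni.Web/Reporting/Default.aspx 302 - -
"""


def parse_w3c(text: str) -> Iterator[dict]:
    """Yield one dict per entry, keyed by the column names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def unauthenticated_report_hits(text: str) -> list:
    """Return (client ip, path) for report requests served (200) without any credential."""
    hits = []
    for entry in parse_w3c(text):
        if not entry["cs-uri-stem"].lower().startswith(REPORTING_PREFIX):
            continue
        if entry["sc-status"] != "200":
            continue  # a redirect or error means no report content was returned
        if SESSION_COOKIE in entry["cs(Cookie)"] or entry["cs-username"] != "-":
            continue  # a session or an authenticated user was present
        hits.append((entry["c-ip"], entry["cs-uri-stem"]))
    return hits


if __name__ == "__main__":
    for ip, path in unauthenticated_report_hits(SAMPLE_LOG):
        print(f"report served without session to {ip}: {path}")
```

After the 1.4.0 upgrade the same query should only ever return an empty list, since the page then redirects or rejects sessionless requests; a 200 without a session is the signal worth alerting on.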


  3. Impact:

This issue can be exploited to access sensitive information that may lead to further attacks.


  4. Affected Products:

Unidesk Management Console version 1.3.0 and prior.


  5. Solution:

Upgrade to version 1.4.0.


  6. Time Table:

3/17/2011 Reported vulnerability to the vendor.
3/25/2011 Vendor acknowledged the vulnerability; the fix will be addressed in the 1.4.0 release.


  7. Credits:

Discovered by Nathan Power www.securitypentest.com