VMware Authentication Bypass Vulnerability [CVE-2022-22972]
We discussed this vulnerability during Episode 149 on 30 May 2022.
Honestly, this is a bit of a crazy issue to see. During login, if the LocalPasswordAuthAdapter
gets used, it will attempt to validate the login credentials with whatever host is in the Host
header, and an attacker can often control this header completely. So by pointing the header to a domain the attacker controls, they can set up a server that will respond with an HTTP 200
to the authentication request, allowing the attacker to log in.
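
The flawed pattern described above, reduced to a simplified Python model and shown next to a hardened form. This is an added example, not VMware's code: the host names, the `/auth/validate` path and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed deployment values, constructed for this example.
ALLOWED_HOSTS = {"access.example.internal"}
AUTH_BACKEND = "https://localhost:8443/auth/validate"  # hypothetical, pinned in config


def backend_url_vulnerable(headers):
    """Flawed pattern: the credential-validation target is built from the Host header."""
    return f"https://{headers['Host']}/auth/validate"


def normalize_host(raw):
    """Return the lowercase hostname from a Host header value, or None if malformed."""
    # Reject characters that have no place in host[:port] (userinfo, path, whitespace).
    if not raw or any(c in raw for c in "/@\\?# \t\r\n"):
        return None
    try:
        parts = urlsplit("//" + raw)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    return parts.hostname.lower().rstrip(".") if parts.hostname else None


def backend_url_hardened(headers):
    """Reject unexpected Host values and never let the header choose the backend."""
    host = normalize_host(headers.get("Host"))
    if host not in ALLOWED_HOSTS:
        raise PermissionError(f"unexpected Host header: {headers.get('Host')!r}")
    # The validation target comes from configuration, not from the request.
    return AUTH_BACKEND
```

The hardened form applies two independent controls: an allowlist on the Host header, and a backend address that is fixed in configuration so that request data cannot redirect the credential check.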