"VMware Disclosed a Critical and Unpatched Authentication Bypass Flaw in VMware Cloud Director Appliance"
VMware has disclosed an authentication bypass vulnerability in its Cloud Director Appliance, tracked as CVE-2023-34060 with a CVSS score of 9.8, that can be exploited by an attacker with network access to the appliance to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (Appliance Management Console). This bypass is not present on port 443 (VCD provider and tenant login). It is also not present on a new installation of Cloud Director Appliance 10.5. This article continues to discuss the critical bypass vulnerability in VMware Cloud Director Appliance that can be exploited to circumvent login restrictions when authenticating on certain ports.
Submitted by grigby1
Submitted by grigby1 CPVI
on