Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive - 846

James Horseman - horizon3.ai - Posted 3 Years Ago
  • VMware recently patched a critical authentication bypass vulnerability in their VMware Workspace ONE Access, Identity Manager and vRealize Automation products. This bug could have been used to log in as any user on the site.
  • This vulnerability comes down to improper trust of the Host header. From the browser, an attacker cannot control it. However, from cURL or other manual requests, it is trivial to control.
  • The Host header is used to make a request to validate users. Since this header is controlled by an attacker, we can control WHERE the user is authenticated from. By standing up a malicious server, we can simply say yes to every authentication attempt. Lolz.
  • Overall, the article is okay. There is no in-depth discussion on the bug; only a patch diff and an exploit writing. Fun to see an exploit work on a live box though!