VMware Patches Flaw Exposing Admin Credentials in Tanzu Application Service for VMs

VMware has addressed an information disclosure vulnerability, CVE-2023-20891 [1] [3] [4], affecting its Tanzu Application Service for VMs and Isolation Segment products [1] [4]. This vulnerability allows remote attackers with low privileges to gain access to Cloud Foundry (CF) API admin credentials on unpatched systems [3].

Description

The vulnerability stems from the logging of credentials in hex encoding in the platform system audit logs [1] [2] [4]. A malicious non-admin user who can read these logs could extract the hex-encoded CF API admin credentials and use them to push malicious versions of applications, potentially compromising the entire system’s security. In a default deployment, non-admin users typically do not have access to these logs, which mitigates some of the risk.
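Because the exposure is hex-encoded text sitting in log files, operators can check retained logs and log exports for it. The following is an added example, not VMware's code or tooling: it flags hex runs that decode entirely to printable text (random digests and request IDs do not) and masks them without printing the decoded value. The log lines, field names and function names are constructed for illustration; the page does not show the real audit log format.

```python
import re
import string

# Even-length runs of 16+ hex characters that are not part of a longer hex run.
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}){8,}(?![0-9A-Fa-f])")
# Printable ASCII plus space; control whitespace is excluded.
TEXT_BYTES = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def is_encoded_text(hex_run):
    """True if every decoded byte is printable, i.e. the run hides text."""
    return all(b in TEXT_BYTES for b in bytes.fromhex(hex_run))

def scan(lines):
    """Return (line_number, decoded_length) for each suspicious hex run."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in HEX_RUN.finditer(line):
            if is_encoded_text(m.group()):
                findings.append((lineno, len(m.group()) // 2))
    return findings

def redact(line):
    """Mask hex-encoded text so the line can be shared or re-ingested."""
    def mask(m):
        if is_encoded_text(m.group()):
            return "[REDACTED %d bytes]" % (len(m.group()) // 2)
        return m.group()  # digests and IDs are left untouched
    return HEX_RUN.sub(mask, line)

# Constructed sample lines (hypothetical format, placeholder credential).
SAMPLE = [
    "2023-07-25T10:00:01Z audit user=dev1 action=app.push result=ok",
    "2023-07-25T10:00:02Z audit request_id="
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2023-07-25T10:00:03Z audit detail=" + b"admin:example-password".hex(),
]

if __name__ == "__main__":
    for lineno, size in scan(SAMPLE):
        print("line %d: hex-encoded text, %d bytes" % (lineno, size))
    for line in SAMPLE:
        print(redact(line))
```

A hit is a reason to treat the credential as exposed and rotate it; redacting the log copy does not undo the disclosure.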

VMware recommends that affected users rotate their CF API admin credentials as a precautionary measure [3]. It provides a guide on changing the credentials [3], but cautions that it is not officially supported [3]. Additionally, VMware has addressed other security bugs in the past month [3].

Conclusion

To protect against this vulnerability, users are advised to apply the patches released by VMware and rotate their CF API admin credentials [1] [4]. The vulnerability has been classified as “Moderate”, with a CVSS v3 base score of 6.5. Taking both steps safeguards affected systems against potential unauthorized access.

References

[1] https://www.infosecurity-magazine.com/news/vmware-patches-flaw-exposing-admin/
[2] https://www.tenable.com/cve/CVE-2023-20891
[3] https://vulnera.com/newswire/vmware-patches-information-disclosure-bug-in-tanzu-application-service-for-vms/
[4] https://pfete.com/index.php/2023/07/26/vmware-patches-vulnerability-exposing-admin-credentials/
