what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apache CloudStack 4.0.1 Authentication Bypass / Cryptography

Apache CloudStack 4.0.1 Authentication Bypass / Cryptography
Posted Apr 25, 2013
Authored by Wolfram Schlich, Mathijs Schmittmann

The CloudStack PMC was notified of two issues found in Apache CloudStack versions prior to 4.0.2. An attacker with knowledge of CloudStack source code could gain unauthorized access to the console of another tenant's VM. Insecure hash values may lead to information disclosure. URLs generated by Apache CloudStack to provide console access to virtual machines contained a hash of a predictable sequence, the hash of which was generated with a weak algorithm. While not easy to leverage, this may allow a malicious user to gain unauthorized console access.

tags | advisory, bypass, info disclosure
advisories | CVE-2013-2756, CVE-2013-2758
SHA-256 | 474f68a5ee05a485465b64d23eff7bcb693b5ef180963131a4b12caf5a15bc42

Apache CloudStack 4.0.1 Authentication Bypass / Cryptography

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Product: Apache CloudStack
Vendor: The Apache Software Foundation
CVE References: CVE-2013-2756, CVE-2013-2758
Vulnerability Type(s): Authentication bypass (2756), cryptography (2758)
Vulnerable version(s): Apache CloudStack version 4.0.0-incubating and 4.0.1-incubating
Risk Level: High, Medium
CVSSv2 Base Scores: 7.3 (AV:N/AC:H/Au:N/CI:P/I:C/A:C), 4.3 (AV:A/AC:H/Au:N/CI:P/I:P/A:P)

Description:
The CloudStack PMC was notified of two issues found in Apache CloudStack:

1) An attacker with knowledge of CloudStack source code could gain
unauthorized access to the console of another tenant's VM.

2) Insecure hash values may lead to information disclosure. URLs
generated by Apache CloudStack to provide console access to virtual
machines contained a hash of a predictable sequence, the hash of
which was generated with a weak algorithm. While not easy to leverage,
this may allow a malicious user to gain unauthorized console access.

Mitigation:
Updating to Apache CloudStack versions 4.0.2 or higher will mitigate
these vulnerabilities.

Credit:
These issues were identified by Wolfram Schlich and Mathijs Schmittmann
to the Citrix security team, who in turn notified the Apache
CloudStack PMC.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJReHSvAAoJEI7yNrpBLHrS19UP/R+7RadV4QlnBxErhy53/FZf
qeOKGKj3cLm5dhFsNjzODQRRcSZohrwq3CX5dM1GW83LdAVJjoKQYCTO4/Dm+WP4
EI2z8PAxrr+gOZKZt0ouufb3aJPMP5nQK+/UphSUCNS9BPu2gDQubAgRq3bTFqHI
b54XVwd8SEZ/lb7ds8zXiKLCWtz18BK9JCa7/sWArpUlbJIqEYkC3NO4rvR/I/Uo
ZS6tvX4i/Fh+KoJwnhoYm852xoSRAX2YCv00Ao/WLleltzH43wSV2DA/SpKsfUAp
hvkkwMjYo0FFQZcvvFIFFXUAOMtjFVQ+Dh5CdXiozqQyeKpO61HtyNWoPGBsKaj7
RTlVSPu8vRxi1JiqVd850L1oa9wGgG3ywySY5NGs/TNdZ+6GtxO3jr2QMFDhI7G0
0uc2TPx63RZFdkODZ9FF6p29OfgRHy6Uq0UysHO8Yuadiys9xWOZjoHavDYPLrxC
ZRyrG1Ny9RUh5vQsoFIKoEJIwBtoK0ljLvNROT9T4cpG80qnj/SRUnvNxhPI87gJ
4Fcvh/1R/ZdvPeeMRf+eOd8euw1KkC6tCRbabQwCKb2hAXYxKXG5f+a7XRk/2laf
UNdjnvNEz9OqYKs0f3A4MLNv37PdtFBqLmfGDCPNx79VT+//exCxtTJXy6Ydwgmr
Qy2m9i7qrd34G2Cp0g4V
=7qL9
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close