Ivanti Workspace Control UNC Path Data Security Bypass

Ivanti Workspace Control UNC Path Data Security Bypass: Posted Oct 1, 2018; Authored by Yorick Koster, Securify B.V.; Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.; tags | advisory, local, bypass; SHA-256 | 507e3c9cc2d0a60cb3923378de3e647c3ee8b937f4097ddf9a6615c71a46daf9; Download | Favorite | View

Ivanti Workspace Control UNC Path Data Security Bypass

------------------------------------------------------------------------
Ivanti Workspace Control Data Security bypass via localhost UNC path
------------------------------------------------------------------------
Yorick Koster, August 2018

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Ivanti Workspace Control contains a flaw where it is possible to access
folders that should be protected by Data Security. A local attacker can
bypass these restrictions using localhost UNC paths. Depending on the
NTFS permissions it may be possible for local users to access files and
folders that should be protected using Data Protection.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Ivanti Workspace Control version
10.2.700.1 & 10.2.950.0.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue was resolved in Ivanti Workspace Control version 10.3.0.0.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20180803/ivanti-workspace-control-data-security-bypass-via-localhost-unc-path.html

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 62 files
Debian 22 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,169)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,011)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,372)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,008)
UNIX (9,481)
UnixWare (188)
Windows (6,785)
Other

Ivanti Workspace Control UNC Path Data Security Bypass

Ivanti Workspace Control UNC Path Data Security Bypass

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ivanti Workspace Control UNC Path Data Security Bypass

Share This

Ivanti Workspace Control UNC Path Data Security Bypass

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems