An urgent authentication bypass vulnerability has been discovered in the VMware Workspace ONE Access, Identity Manager, and vRealize Automation products.
Just one week after the release of an urgent, high-priority patch containing fixes for the vulnerability, VMware is drawing attention to publicly available exploit code that provides a roadmap for hackers to gain administrative access without the need to authenticate. Following the release of a technical analysis by PetrusViet (a member of VNG Security), the security researcher who is credited with discovering the bug, VMware released its update advisory.
Separately, VMware released security updates to fix a vulnerability in VMware Workstation’s unprotected credential storage. A malicious actor with local user privileges may be able to access user passwords on the remote server connected through VMware Workstation, according to an advisory from VMware.
For more such updates follow us on Google News ITsecuritywire News