Описание
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-30116
- https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2
- https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure
- https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30116
- https://www.secpod.com/blog/kaseya-vsa-zero-day-by-revil
Связанные уязвимости
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp
Уязвимость программного обеспечения удаленного мониторинга и управления IT-системами Kaseya VSA (Virtual System Administrator), связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю раскрыть защищаемую информацию