Dell Credentials Bug Opens VMware Environments to Takeover

Published: 23/11/2024   Category: security


Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs.



Hardcoded credentials in the Dell Compellent storage array service could enable attackers to take over the enterprise VMware environment of any organization running the two services together.
Dell Compellent reached its end of life in 2019, and holds less than a 1% share of the data storage market, according to Enlyft. However, organizations still using Dell storage integrated with VMware environments need to be aware of CVE-2023-39250, a high-impact vulnerability affecting these systems.
At DEF CON 31 on Friday, Tom Pohl, penetration testing team manager at LMG Security, will demonstrate how an attacker inside an enterprise network can identify and decode a private key associated with VMware's centralized management utility through Dell Compellent, enabling full takeover of a VMware environment.
But it's not only that: because the key is the same for every Dell customer, a compromise at one organization could seamlessly translate to a compromise at any other.
As Pohl puts it, "This is just a real concrete example of how a private key in software can lead to complete network compromise of your organization."
To integrate the two services, Dell requires administrator credentials for VMware vCenter, the platform used for managing VMware environments. But the Dell software stores those credentials in its config files.
Pohl only found that out by accident, while working with a client's network. "When I got into the device in question, I thought: 'Hey, there's a username and password in here,'" he recalls.
At least the credentials weren't stored in clear text. But Pohl decompiled the Java class he guessed might have been responsible for the decryption, easily discovering an AES static key stored in the source code.
After a little bit of reverse engineering using CyberChef, "all of a sudden, out popped a clear text password. And I took that username and password that I got from the Dell Compellent software, went to the vCenter login, and I literally logged in and took over their entire environment."
It wasn't merely that Pohl possessed the same vCenter admin access as the Dell software, with the ability to observe, steal, or manipulate all of the data contained within. As he emphasized in a press release: "This key is the same for EVERY customer! If a criminal leverages this vulnerability, they could use it against any of Dell's customers."
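For teams reviewing their own Java code for the pattern described above, a static AES key compiled into a class, the following is an added example and not code from the article, LMG Security or Dell. The class names, field names and key bytes in the sample sources are constructed for illustration; the check flags `SecretKeySpec` keys built from literals.

```python
import re

# Constructed sample: one class embeds its AES key, the other loads it at runtime.
SAMPLE_SOURCES = {
    "CredentialStore.java": '''
public class CredentialStore {
    private static final byte[] KEY = {0x01, 0x02, 0x03, 0x04};
    SecretKeySpec key() { return new SecretKeySpec(KEY, "AES"); }
}
''',
    "VaultStore.java": '''
public class VaultStore {
    SecretKeySpec key(KeyStore ks, char[] pw) throws Exception {
        byte[] material = ks.getKey("creds", pw).getEncoded();
        return new SecretKeySpec(material, "AES");
    }
}
''',
}

# A field or local initialised from a byte-array or string literal.
LITERAL_DECL = re.compile(
    r'\b(?:byte\s*\[\]|String)\s+(\w+)\s*=\s*(?:new\s+byte\s*\[\]\s*)?(\{[^}]*\}|"[^"]*")')
# First argument of a SecretKeySpec constructor call.
KEYSPEC_CALL = re.compile(r'new\s+SecretKeySpec\s*\(\s*([^,]+?)\s*,')

def find_hardcoded_keys(source):
    """Return (line_number, key_expression) for keys built from literals."""
    literals = {m.group(1) for m in LITERAL_DECL.finditer(source)}
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for call in KEYSPEC_CALL.finditer(line):
            arg = call.group(1)
            root = re.match(r'\w+', arg)  # leading identifier, if any
            inline = arg.startswith('"') or arg.startswith('new byte')
            if inline or (root and root.group(0) in literals):
                findings.append((lineno, arg))
    return findings

def scan(sources):
    """Map each file name to its findings, omitting clean files."""
    return {name: hits for name, src in sources.items()
            if (hits := find_hardcoded_keys(src))}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE_SOURCES).items():
        for lineno, arg in hits:
            print(f"{name}:{lineno}: SecretKeySpec built from literal {arg!r}")
```

A regex pass like this is a review aid for first-party code, not a substitute for a static analyzer; keys assembled across several methods or classes will not be caught.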
Despite passing the 90-day responsible disclosure window, LMG Security expects Dell to issue a patch only sometime in the fall. The delay may be due to the complexity of designing a sufficient fix, Pohl posits.
It may also, in part, have to do with Compellent's end-of-life status. According to Dell's documentation, the right of the customer to use the software beyond the end of life does not obligate Dell to provide continued support or maintenance beyond end of life.
In the meantime, organizations still running these systems should definitely harden their environments, Pohl advises. "The standard user shouldn't be able to talk to an important piece of infrastructure between your storage platform and your vCenter. The network should be segmented in such a way where a malicious user can't even get to that point."
Dell noted in a statement to Dark Reading that companies can implement a workaround: "Dell Technologies released instructions for a full workaround to address a vulnerability in the Dell Storage Compellent Integration Tools for VMware product. Customers should review Dell Security Advisory DSA-2023-282 at their earliest convenience for details. The security of our products is a top priority and critical to protecting our customers."
