Friday, February 7, 2025
HomeCyber Security NewsHackers Launch MiTM Attack to Bypass VMware Tools SAML Authentication

Hackers Launch MiTM Attack to Bypass VMware Tools SAML Authentication

Published on

SIEM as a Service

Follow Us on Google News

VMware has been reported with a SAML token signature bypass vulnerability, which a threat actor can exploit to perform VMware Guest operations. CVE ID has been assigned for this vulnerability, and the severity was mentioned as 7.5 (High).

VMware tools are a set of modules and services for enabling several services in VMware products, which help better manage guest operating systems and flawless user interactions between the host and the guest operating system. VMware tools also can pass messages from the Host to the Guest operating system.

However, VMware has released a security advisory for addressing this vulnerability.

CVE-2023-20900: SAML Token Signature Bypass vulnerability

An attacker with a man-in-the-middle (MITM) network positioning between the vCenter server and the virtual machine can bypass the SAML token signature verification and exploit this vulnerability to perform VMware guest operations. The CVSS score for this vulnerability has been given as 7.5 (High).

There has not been a publicly available exploit released for this vulnerability yet.

Affected Products

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Tools12. x.x, 11.x.x, 10.3.xWindowsCVE-2023-209007.5Important12.3.0NoneNone
VMware Tools10.3.xLinuxCVE-2023-209007.5Important[1] 10.3.26NoneNone
[2] VMware Tools (open-vm-tools)12. x.x, 11. x.x, 10.3.xLinuxCVE-2023-209007.5Important[3] 12.3.0NoneNone

VMware has been previously found to have a critical vulnerability in the Aria Operations for Networks, which lets threat actors perform authentication bypass and arbitrary file write operations. 

To remediate the vulnerability, VMware released a security advisory and Knowledge Base for VMware Aria Operations for Networks. Similarly, a security advisory has been released to fix this VMware tool vulnerability.

Users of VMware tools are recommended to upgrade to the latest version in order to prevent this vulnerability from getting exploited by threat actors.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...