VMware fixes bug exposing CF API admin credentials in audit logs

Teilen:

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment caused by credentials being logged and exposed via system audit logs.

TAS for VMs helps enterprises automate the deployment of applications across on-premises or public and private clouds (e.g., vSphere, AWS, Azure, GCP, OpenStack).

Tracked as CVE-2023-20891, the security flaw addressed today by Vmware would allow remote attackers with low privileges to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks that don’t require user interaction.

This happens because, on unpatched TAS for VMs instances, hex-encoded CF API admin credentials are logged in platform system audit logs.

Threat actors who exploit this vulnerability can use the stolen credentials to push malicious app versions.

“A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application,” VMware says.

Luckily, as highlighted by VMware, non-admin users don’t have access to the system audit logs in standard deployment configurations.

Admin credential rotation recommended

However, the company still advises all TAS for VMs users affected by CVE-2023-20891 to rotate CF API admin credentials to ensure that attackers can’t use any leaked passwords.

VMware provides detailed instructions on changing Cloud Foundry User Account and Authentication (UAA) admin credentials in this support document.

“TAS does not officially support changing the UAA admin user’s password. The instructions above are not officially tested as a part of the Operations Manager test suite, so use them at your own risk,” VMware warns.

“It may be tempting to change the admin user’s password with the uaac utility. Unfortunately, this is not sufficient because it will only update the admin user’s password in UAA. This leaves Operations Manager out of sync and can cause jobs and errands to fail.”

Last month, VMware addressed high-severity security vCenter Server bugs allowing code execution and authentication bypass.

It also fixed an ESXi zero-day exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines in data theft attacks.

More recently, the company warned customers that exploit code is now available for a critical RCE vulnerability in the VMware Aria Operations for Logs analysis tool.

 

(c) Sergiu Gatlan

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
3:51 pm, Juli 11, 2025
Wetter-Symbol 31°C
L: 30° | H: 33°
klarer Himmel
Luftfeuchtigkeit: 35 %
Druck: 1019 mb
Wind: 6 mph E
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 5%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
30° | 33°°C 0 mm 0% 8 mph 46 % 1019 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
16° | 30°°C 0 mm 0% 10 mph 70 % 1019 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
17° | 29°°C 0 mm 0% 7 mph 70 % 1014 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
19° | 28°°C 0.2 mm 20% 16 mph 63 % 1016 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
14° | 23°°C 0 mm 0% 13 mph 68 % 1019 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
30° | 31°°C 0 mm 0% 6 mph 35 % 1019 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
28° | 30°°C 0 mm 0% 7 mph 33 % 1018 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
22° | 25°°C 0 mm 0% 8 mph 46 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 4 mph 58 % 1019 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
16° | 16°°C 0 mm 0% 4 mph 70 % 1018 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 5 mph 65 % 1018 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
24° | 24°°C 0 mm 0% 6 mph 44 % 1017 mb 0 mm/h
Tomorrow 1:00 pm
Wetter-Symbol
28° | 28°°C 0 mm 0% 7 mph 31 % 1015 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€100,932.86
6.16%
Ethereum(ETH)
€2,566.27
8.14%
XRP(XRP)
€2.40
15.09%
Fesseln(USDT)
€0.86
-0.02%
Solana(SOL)
€143.25
6.85%
USDC(USDC)
€0.86
-0.01%
Dogecoin(DOGE)
€0.175999
14.38%
Shiba Inu(SHIB)
€0.000012
10.28%
Pepe(PEPE)
€0.000011
16.57%
Peanut das Eichhörnchen(PNUT)
€0.249037
15.57%
Nach oben scrollen