BugTraq
Authentication bypass in Kaseya VSA Jan 13 2018 04:12PM
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass in Kaseya VSA
------------------------------------------------------------------------

Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

A security vulnerability was found in Kaseya VSA that allows users to
view remote computers that they are not authorised to view. Using this
vulnerability a user that is authenticated to view at least one remote
computer can view ever machines in the Kaseya application.

------------------------------------------------------------------------

Tested versions
------------------------------------------------------------------------

This issue was successfully tested on version R9.2

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Patch to the latest version of VSA.

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://www.securify.nl/advisory/SFY20170504/authentication-bypass-in-ka
seya-vsa.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus