Cleartext credentials can be extracted from Veeam Backup & Data Recovery: Horizon3.ai
Horizon3.ai has just published "Veeam Backup and Replication CVE-2023-27532 Deep Dive" and a new proof of concept (POC) that allows an unauthenticated user with access to the Veeam backup service (TCP 9401 by default) to extract cleartext user names and passwords.
The Veeam platform provides data recovery in the event of ransomware attacks on multi‑cloud infrastructure, which means that this POC is a huge problem.
Horizon3.ai Exploit Developer James Horseman said:
“CVE-2023-27532 allows an unauthenticated user with access to the Veeam backup service to request cleartext credentials. We have examined the vulnerable port, reverse engineered the Veeam Backup Service, and constructed a WCF client using .NET core. We have also shown how to extract credentials from the Veeam database by invoking the CredentialsDbScopeGetAllCreds and CredentialsDbScopeFindCredentials endpoints. Finally, we have released our POC on Github, which is built on .NET core and capable of running on Linux, making it accessible to a wider audience. It is important to note that this vulnerability should be taken seriously and patches should be applied as soon as possible to ensure the security of your organization.”
He also notes that others, including Huntress, Y4er, and CODE WHITE, have provided insight into this vulnerability. Horizon3.ai published its post and POC to offer additional insights.
You can read the deep dive here.
This entry was posted on March 23, 2023 at 1:01 pm and is filed under Commentary with tags horizon3.ai.