VMware Cloud Director vulnerability allowed for full cloud infrastructure takeover
The Daily Swig
VMware has patched a vulnerability in VMware Cloud Director that opened the door to the complete takeover of an organization’s cloud infrastructure through straightforward code injection.
Cloud Director allows cloud providers, governments, and large enterprises to create and manage virtual data centers, and serves over 500,000 customers worldwide.
But a flaw discovered by researchers at Citadelo could have allowed attackers to manipulate a single simple form submission and take over these private clouds, accessing sensitive data and modifying logins to capture the username and password of other users.
The company has issued...