Exploit released for critical VMware SSH auth bypass vulnerability


For a significant SSH authentication bypass flaw in VMware’s Aria Operations for Networks analysis product, proof-of-concept exploit code has been made available. Security researchers from ProjectDiscovery Research discovered the weakness, which was addressed by VMware on Wednesday with the introduction of version 6.11.

Because of what the business refers to as “a lack of unique cryptographic key generation,” successful exploitation enables remote attackers to bypass SSH authentication on unpatched appliances and access the tool’s command line interface without the need for user involvement.

Read More…