[+] CVE ID: Pending
[+] Credits: Joshua Platz aka Binary1985 @joshuaplatz
[+] Website: https://github.com/binary1985
[+] Source: https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/VMWare%20Fusion%208.5
Vendor:
==========================
VMware
https://www.vmware.com/
Product:
===========
VMware Fusion
Validated on v8.5 (likely affects all product versions)
VMware Fusion is a software hypervisor developed by VMware for Macintosh computers. VMware Fusion allows Intel-based Macs
to run operating systems such as Microsoft Windows, Linux, NetWare, or Solaris on Virtual Machines, along with their
Mac OS X operating system using a combination of paravirtualization, hardware virtualization and dynamic recompilation.
Vulnerability Type:
==========================
Encryption Boot Password Bypass
Vulnerability Details:
=====================
According to VMware's documentation on Virtual Machine encryption, located at:
https://docs.vmware.com/en/VMware-Fusion/8.0/com.vmware.fusion.using.doc/GUID-C0886101-1C5E-433C-8D40-5B01D0A1295C.html
the result of implementing encryption is: "The Virtual Machine is encrypted. Users must provide the encryption password
to open, start, and resume the Virtual Machine."
Testing and research indicate that the encryption password is only required when an Encrypted Virtual Machine is opened.
Once a Virtual Machine's window is open, even if the Virtual Machine is paused or powered off, VMware Fusion does not
require the encryption password to power on or resume the Virtual Machine.
Not requiring the password to start or resume a Virtual Machine puts it at risk of unauthorized access in the event
the user did not close the Virtual Machine window.
Replication:
=====================
1) Open an Encrypted Virtual Machine
2) Enter the Encryption Password to start Virtual Machine
3) Wait for Virtual Machine to Boot
4) Shut down Virtual Machine
5) Start Virtual Machine without entering Encryption Password
Remediation Details:
=====================
Ensure that Encrypted Virtual Machine windows are closed after shut down.
Timeline:
=====================
2017-09-30 - Issue Reported to Vendor
[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the
information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author
prohibits any malicious use of security related information
or exploits by the author or elsewhere.
Binary1985