Once this file is opened, it will connect to the attacker’s IP address such that their local drive will be mapped to the attacker’s remote desktop server. By using newline characters ( %0a) in the parameter, it is possible to include extra settings into the remote desktop connection file, such as drive mapping redirections.Įxample: An authenticated administrator that was manipulated into clicking the above URL will receive a remote desktop connection file. However, it was found that the ipAddress parameter within getRdpByIP does not properly validate the input supplied by a user. The request will look similar to the following: /admin/getRdpByIp.action?ipAddress=
This process only can be performed by a user with administrative privilege. Horizon DaaS allows a creation of a remote desktop connection file through the application. Improper IP Address Validation (CVE-2017-4897)> Improper IP Address Validation (CVE-2017-4897) Browse, search, and inspect APIs across all major VMware platforms, including vSphere, vRealize, vCloud Suite, and NSX. A virtual client computing hyper-converged infrastructure solution exclusively designed for service providers and. Horizon DaaS 8.0: How to integrate Horizon DaaS 8.0 with Workspace One Just like the previous blog post for Horizon DaaS 8.0, I will not use an on-premises installation for Workspace ONE Access (Identity Manager) but use the cloud-hosted solution (SaaS) by VMware.
0 kommentar(er)
