Security vulnerability with Remote Management password authentication

  • 7006557
  • 03-Aug-2010
  • 30-Apr-2012

Environment

Novell ZENworks for Servers 3.0.2 - ZfS3.0.2
Novell ZENworks 7 Server Management Support Pack 1 - ZSM7 SP1
Novell ZENworks for Desktops 4 - ZfD4 Remote Management
Novell ZENworks for Desktops 4.0.1 - ZfD4.0.1 Remote Management
Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Remote Management

Situation

A hacker can reuse the Remote Management password information on the local managed device to authenticate into a remote session on another managed device when both the managed devices are configured with the same Remote Management password.

Resolution

Recommendation:
1. Disable password mode of authentication in the Remote Management policy if it is not being used. The property is disabled by default in the policy.
2. Distribute a common password via NAL or TED only in a trusted environment.

Status

Security Alert

Additional Information

The following conditions must be fulfilled for the hacker to carry out the attack:
1. Both the managed devices must be configured with the same password. Note: This may be common when a password is distributed to managed devices via NAL in case of ZDM 7.x and ZfD 4.x, and via TED in case of ZSM 7.x and ZfS 3.x.
2. The hacker must have access to a managed device configured with the Remote Management password.
3. The hacker needs to have knowledge of the protocol used for Remote Management password authentication.

Note:
1. A hacker cannot reuse the Remote Management password on a managed workstation to authenticate into a remote session on a managed server, and vice-versa.
2. A hacker cannot exploit the vulnerability when the password mode of authentication is disabled on the target managed device.
3. A hacker cannot exploit the vulnerability when the passwords do not match on the local and target managed device.
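
The conditions and notes above can be applied to a device inventory to find where a shared password creates exposure. This is an added example, not Novell's code: the inventory records, host names and password labels are constructed, and it assumes a device that stores a password can act as the source even when its own password mode is disabled.

```python
# Constructed inventory. "pw" is an administrator-assigned label for each
# distinct Remote Management password (never the password itself); None means
# no password is configured. "password_mode" is the policy setting on the device.
INVENTORY = [
    {"host": "ws-01",  "kind": "workstation", "pw": "pw-A", "password_mode": True},
    {"host": "ws-02",  "kind": "workstation", "pw": "pw-A", "password_mode": True},
    {"host": "ws-03",  "kind": "workstation", "pw": "pw-A", "password_mode": False},
    {"host": "ws-04",  "kind": "workstation", "pw": "pw-B", "password_mode": True},
    {"host": "srv-01", "kind": "server",      "pw": "pw-A", "password_mode": True},
    {"host": "srv-02", "kind": "server",      "pw": "pw-A", "password_mode": True},
    {"host": "srv-03", "kind": "server",      "pw": None,   "password_mode": False},
]


def reuse_exposure(inventory):
    """Map each device to the other devices its stored password would open."""
    # A device is a possible target only if password mode is enabled on it (Note 2).
    targets = {}
    for dev in inventory:
        if dev["password_mode"] and dev["pw"] is not None:
            targets.setdefault((dev["kind"], dev["pw"]), []).append(dev["host"])

    exposure = {}
    for dev in inventory:
        if dev["pw"] is None:          # condition 2: source must hold a password
            continue
        # Same password (Note 3) and same device kind (Note 1) are both required.
        peers = [h for h in targets.get((dev["kind"], dev["pw"]), [])
                 if h != dev["host"]]
        if peers:
            exposure[dev["host"]] = sorted(peers)
    return exposure


if __name__ == "__main__":
    for source, peers in sorted(reuse_exposure(INVENTORY).items()):
        print(f"{source}: password reusable against {', '.join(peers)}")
```

Any host that appears in the result either needs a password not shared with its peers, or the peers need password mode disabled in their Remote Management policy.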

This vulnerability was discovered by ab, working with TippingPoint's Zero Day Initiative: TippingPoint ZDI-CAN-750