Kaseya VSA Broken Authentication Vulnerability
漏洞信息
漏洞名称: Kaseya VSA Broken Authentication Vulnerability
漏洞编号:
- CVE: CVE-2021-30116
漏洞类型: 未授权访问
漏洞等级: 严重
漏洞描述: Kaseya VSA是一款广泛使用的IT管理软件,主要用于企业级服务,提供远程监控和管理功能,广泛应用于各种规模的组织中。该软件在9.5.7版本之前存在一个严重的认证绕过漏洞。漏洞的具体原因是由于未授权访问下载页面以及dl.asp中的不安全凭证传输,攻击者可以利用这一点获取会话令牌,从而绕过认证机制。这一漏洞的技术根源在于缺乏适当的访问控制和输入验证,使得攻击者能够轻易获取敏感信息。此漏洞的影响极为严重,因为它允许攻击者在不需要任何认证的情况下,远程获取系统控制权,可能导致数据泄露、服务中断或其他恶意活动。由于Kaseya VSA的广泛使用,这一漏洞的影响范围非常广泛,攻击者可以利用此漏洞对大量系统进行攻击。
产品厂商: Kaseya
产品名称: Kaseya VSA
影响版本: version < 9.5.7
来源: https://github.com/projectdiscovery/nuclei-templates/issues/12758
类型: projectdiscovery/nuclei-templates:github issues
来源概述
Description:
Kaseya VSA before 9.5.7 contains a credential disclosure caused by unauthenticated access to the download page and insecure credential transmission in dl.asp, letting attackers obtain session tokens and bypass authentication, exploit requires access to the download page and the KaseyaD.ini file.
Severity: Critical
POC:
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(
-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.