PT-2023-6954 · VMware · VMware Cloud Director Appliance+1

Dustin Hartle · Published 2023-11-14 · Updated 2024-07-11 · CVE-2023-34060

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VMware Cloud Director Appliance versions 10.5 through 10.5

Description

This is an authentication bypass vulnerability in VMware Cloud Director Appliance. A malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). The bypass is not present on port 443 (VCD provider and tenant login). The vulnerability stems from the version of the sssd library used in Photon OS.

Recommendations

For VMware Cloud Director Appliance version 10.5, update to version 10.5.1 to resolve the issue. As a temporary workaround, consider restricting access to ports 22 and 5480 to minimize the risk of exploitation.

Fix

Weakness Enumeration

Missing Authentication
Improper Authentication

Related Identifiers

BDU:2023-07973
CVE-2023-34060

Affected Products

Photon OS
VMware Cloud Director Appliance