Unidesk management appliance is prone to a forceful browsing vulnerability that allows an attacker access to administrator resources.
The "ReportingService" of the web services does not check for session credentials to access reports about the Virtual Desktop Infrastructure environment.
These reports provides information such as:
* Applications installed
* CachePoint appliance information
* Desktop names
* Domain usernames
* Operating systems installed
An attacker may gain access to the reports by directly pointing to the following URL:
/Uni.Web/Reporting/Default.aspx
This issue can be exploited to access sensitive information that may lead to further attacks.
Unidesk Management Console version 1.3.0 and prior.
3/17/2011 Reported Vulnerability to the Vendor
3/25/2011 Vendor Acknowledge Vulnerability, fix will be addressed in the 1.4.0 release
Discovered by Nathan Power
www.securitypentest.com