A VMWare AirWatch bug allowed users to access others sensitive data

VMWare have recently patched a loophole that allowed hackers to access sensitive customer information on AirWatch systems.

@smithymayo
Published Fri, Dec 12 2014 9:06 PM CST   |   Updated Tue, Nov 3 2020 12:12 PM CST

AirWatch's on-premise mobile device management solution has recently received a major update - patching a flaw that enabled users who manage MDM solutions in multi-tenant environments to access other users data and information.

A VMWare AirWatch bug allowed users to access others sensitive data | TweakTown.com

The patch was issued this week, closing the 'information disclosure hole' in its services. iTnews reported that the published security advisory VMSA-2014-0014 addressed the issue, with them claiming this was due to "AirWatch On-Premise having direct object reference vulnerabilities which could allow a manager of an MDM deployment in a multi-tenant environment to see organisational information and statistics of other tenants."

These direct object reference vulnerabilities will allow criminals to bypass user authentication and access all of your databases and sensitive files directly - rendering any security measures in place as useless. According to the Open Web Application Security Project this flaw is quite common and widespread, seeing it exploited by hackers globally in the past and present. Due to this flaw, there have been previous reports of up to 500 Dodo Power and Gas customer information being compromised two years ago, alongside Australia Post removing its Send and Click service due to a similar discovery.

VMWare claim that this issue directly affects their AirWatch product versions from the 7.3.x.x series - before 7.3.30 FP3.

I'm a competitive gamer and was an eSports employee. Recent changes have seen me hang up the mouse and move over to the technology world, covering all news for TweakTown, ranging from gaming news to opinion articles and the latest tech releases. Expect to see a few different articles on international eSports news and competitive game releases, as well as audio and mobile device content.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles