VMware hacked by ERPScan at a conference in Las Vegas
On July 27, Alexander Minozhenko, senior researcher at ERPScan, participated in the DEFCON event in Las Vegas with a presentation called “How to Hack VMware vCenter Server in 60 Seconds”. DEFCON is the oldest event in the world of information security, which celebrated its 20th anniversary this year. The conference has gathered more than 16 000 attendees.
The researcher showed the audience how full control over a virtual infrastructure can be achieved if a few “non-dangerous” bugs are taken together – for instance, a directory traversal vulnerability in Jetty web server which was considered closed after an update. However, ERPScan researchers had once again found that the patch did not solve the problem completely.
For every security researcher, participation in such a legendary event as DEFCON is an important milestone. Over a thousand people listened to my speech, and this is the best acknowledgement that the work performed by ERPScan research group is interesting and useful for wide audience. We are also pleased to mention that a VMware representative contacted us before the event and thanked us for the work done, for the non-disclosure principle strictly adhered to, and for the information about the vulnerability given to VMware in advance
– Alexander shared his impressions.
This is our first presentation at DEFCON but we have been at BlackHat in Las Vegas twice as well as at BlackHat Europe and BlackHat DC. I am sure that the next year we will also qualify for the legendary BlackHat conference and give our 5th speech there as well as at DEFCON, which is very different from BlackHat but no less legendary
– Ilya Medvedovsky, ERPScan CEO, commented on the event.
The presentation called “How to Hack VMware vCenter Server in 60 Seconds” can be downloaded from our website.