Subscribe via feed.

Rocket Software Unidata udadmin_server Authentication Bypass

Posted by deepcore on April 13, 2023 – 2:56 pm

This Metasploit module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service typically runs as root. It accepts a username of “:local:” and a password in the form of “::”, where username and uid must be a valid account, but gid can be anything except 0. This exploit takes advantage of this login account to authenticate as a chosen user and run an arbitrary command (using the built-in OsCommand message).


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.