Cloud Access Connector authentication bypass

Advisory Information

  • Advisory ID: TERA-SA-000069
  • CVE Numbers and Scores:
  • Published: 2 Feb. 2021
  • Last Updated: 2 Feb. 2021
  • Download PDF

Summary

Certain web application pages in the authenticated section of the Cloud Access Connector were accessible without the need to specify authentication tokens. Under the right conditions , this resulted in the ability to execute sensitive functions without credentials.


Affected Products

  • Cloud Access Connector v18 and earlier
  • Cloud Access Connector Legacy prior to May 4 2020 release

Solutions and Mitigations

Available Updates

Update to the latest version of Cloud Access Connector.

Workarounds and Mitigation

There are currently no workarounds or mitigations.

Vulnerability Details

CVE-2020-13185

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.

Remark

Vulnerability classification has been performed using the CVSSv3 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.


Additional Resources


Revision History

2 Feb. 2021: Initial Publication


Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TERADICI RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.