What is VMSA-2023-0026?
VMware states that: On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.
Well, not that descriptive, right? VMware KB 95534 sheds some light on CVE-2023-34060. Only VMware Cloud Director appliances that have been upgraded to 10.5.0 from any previous version are affected; newly deployed appliances and Linux-based Cloud Directors are safe.
This is odd, but if you scroll down a bit, you'll find a one-liner to check whether your appliance has the problem. It states:
Now things are starting to make a little more sense. To complete the picture, we should also look at CVE-2023-34060. It's crystal clear now.
Whoever prepared the Photon OS update forgot to check the PAM configuration changes made during the update.
How the CVE works
CVE-2023-34060: The sssd package installed during the upgrade added some insecure options to the PAM configuration, which weakened the password and authentication policy used for local, SSH, and :5480 authentication.
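Since only upgraded appliances carry the changed PAM configuration, one way to see what the upgrade added is to diff the PAM rules of an upgraded appliance against a copy taken from a fresh 10.5 install. The following is an added example, not code from VMware or from the KB. It assumes `pam_sss.so` as the module name shipped by sssd, and the two directory trees and their `system-auth` contents are constructed samples, since this page does not list the actual insecure options.

```python
import re
import tempfile
from pathlib import Path

# PAM rule: type, control (plain word or [bracketed list]), module, optional arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam_dir(pam_dir):
    """Return the set of (file, type, control, module, args) rules in a pam.d directory."""
    rules = set()
    for path in sorted(Path(pam_dir).iterdir()):
        if not path.is_file():
            continue
        for raw in path.read_text().splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments; blank lines fail the match
            match = RULE.match(line)
            if match:
                rules.add((path.name,) + match.groups())
    return rules

def upgrade_drift(baseline_dir, upgraded_dir):
    """Rules present on the upgraded appliance but absent from the fresh-install baseline."""
    return sorted(parse_pam_dir(upgraded_dir) - parse_pam_dir(baseline_dir))

def sssd_rules(rules):
    """Subset of rules that load pam_sss.so (assumed module name from the sssd package)."""
    return [r for r in rules if Path(r[3]).name == "pam_sss.so"]

def build_sample():
    """Constructed sample trees; these are NOT the appliance's real PAM files."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "fresh": "# constructed baseline\nauth required pam_unix.so\n"
                 "account required pam_unix.so\n",
        "upgraded": "auth required pam_unix.so\nauth sufficient pam_sss.so use_first_pass\n"
                    "account required pam_unix.so\naccount [default=bad success=ok] pam_sss.so\n",
    }
    for name, text in samples.items():
        (root / name).mkdir()
        (root / name / "system-auth").write_text(text)
    return root / "fresh", root / "upgraded"

if __name__ == "__main__":
    fresh, upgraded = build_sample()
    for rule in sssd_rules(upgrade_drift(fresh, upgraded)):
        print("added by upgrade:", " ".join(filter(None, rule)))
```

On a real appliance, point `upgrade_drift` at a copy of `/etc/pam.d` from a fresh install and at the live `/etc/pam.d`; every rule it reports is a change the upgrade introduced and should be reviewed.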
How to patch these vulnerabilities
There is no fixed version available at this time. The only option is to manually run the attached script on each affected VMware Cloud Director appliance.
The original VMSA article is available here.