tags:auth_bypassenterprise_app original link: Bypassing Veeam Authentication CVE-2024-29849 newsletter link: exploits.club Weekly Newsletter 25


Exploits Club Summary:

Following up his post less than a week ago, @SinSinology is back again, this time taking a deep-dive into an auth bypass on Veeam. Similar to his first post, this one is exceptionally in-depth, doing a complete walk-through of the authentication code-flow, before jumping into what makes it vulnerable. In this case, the vulnerability stems from the ability to use an attacker controlled URL to validate auth tokens, so “we can tell “Veeam Enterprise Manager to ask our Rouge Server if the malicious token is valid or not”. Pretty cool bug, and the post wraps up with a small PoC.