Join us at hack.lu 2025 — Info & Registration
Duration: 30 min
Type: Talk
Speakers: Alain Mowat
Abstract
By it’s own definition, Dell’s Wyse Management Suite is “a secure hybrid cloud management solution for Dell thin clients”. While attempting to determine how secrets are encrypted in the policies pushed to thin clients, we stumbled down a rabbit hole which led to the discovery of multiple vulnerabilities.
These vulnerabilities allow not only to decrypt the secrets from policies issued to arbitrary devices, but also to fully compromise the Wyse Management Suite server, which in turn allows to take over all the devices in the thin client fleet.
While these issues are already important in the case of on-premise deployments, the risk is even higher in Dell’s own cloud environment, where tenant isolation is not sufficient to prevent exploitation from one tenant to another.
Description
This talk will walk through our process of examining Dell’s Wyse Management Suite in search of weaknesses or vulnerabilities that would initially allow us to decrypt secrets found in policies pushed out to thin clients.
WMS can be seen as a sort of Configuration Manager or even Device Management solution, where thin clients can register and retrieve configuration files and applications to be deployed. This makes it an ideal target for an attacker, as compromising the server would allow to take control of any clients in the fleet.
During this research, multiple vulnerabilities were discovered. The first ones allow an attacker to impersonate legitimate devices within the system in order to recover policies and decrypt secrets found within. Additional efforts uncovered vulnerabilities that can be exploited to fully compromise the WMS server or any remote repository configured by the system. This can in turn lead to the compromise of any of the devices in the fleet.
The device impersonation issues can also be exploited within Dell’s own cloud environment, where it is possible to leak information across tenants to access and compromise sensitive data and assets.
