How can an attacker with vCenter local admin privileges gain access to the VCSA management panel?
The attacker extracts the IdP certificate from `/storage/db/vmware-vmdir/data.mdb`, creates a SAML request for an administrator user, and authenticates against vCenter to obtain a valid JSESSIONID cookie. This cookie grants administrator access to the VCSA management panel, enabling control over virtual machines. For full details, see vSphere Development Guide 6 - vCenter SAML Certificates.
vCenter SAML certificates, data.mdb, VCSA management panel, IdP certificate, SAML request