[Important] ADV-2017-018: Privilege escalation when using Mutual SSL on Tableau Server

Severity: Critical

Summary: There is an authentication bypass vulnerability that allows an attacker to authenticate as a Tableau Server user of their choice.

The vulnerability is exploitable when the following conditions are true:

  • Tableau Server is configured for Mutual SSL authentication (authentication with client certificates)
  • The insecure HTTP port (default is port 80) is accessible to an attacker

Impact: An unauthenticated attacker can access Tableau Server as a Tableau Server user.

Vulnerable Versions: 9.1.0 (through 9.1.19), 9.2.0 (through 9.2.18), 9.3.0 (through 9.3.16), 10.0.0 (through 10.0.11), 10.1.0 (through 10.1.9), 10.2.0 (through 10.2.3), 10.3.0 (through 10.3.1)

Mitigation: Disable the insecure HTTP port (default is port 80) on the computer running Tableau Server.

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

  • Tableau Server 9.1.20
  • Tableau Server 9.2.19
  • Tableau Server 9.3.17
  • Tableau Server 10.0.12
  • Tableau Server 10.1.10
  • Tableau Server 10.2.4
  • Tableau Server 10.3.2