Main Vulnerability Database SB2011021602

SB2011021602 - Credentials management in VMware, vCenter Server

Published: February 16, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011021602

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Credentials management (CVE-ID: CVE-2010-2928)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.

Remediation

Install update from vendor's website.

References

http://osvdb.org/70859
http://secunia.com/advisories/43307
http://securityreason.com/securityalert/8079
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html