SB2020112010 - Weak password requirements in VMware SD-WAN Orchestrator




Published: November 20, 2020

Security Bulletin ID: SB2020112010
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Information disclosure

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Weak password requirements (CVE-ID: CVE-2020-4001)

The vulnerability allows an attacker to gain unauthorized access to the system.

The vulnerability exists because the same salt is used in conjunction with the default password of predefined accounts on freshly installed systems, allowing for Pass-the-Hash attacks. That same system could be accessed by an attacker using the default password for the predefined account.
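The following audit sketch is an added example, not part of the bulletin and not vendor code. It shows why a shared salt plus a default password yields identical stored hashes on every fresh install, and how to flag such accounts in exported credential records. PBKDF2-HMAC-SHA256, the system names, the account name, the salt and the default password are all assumptions standing in for details the bulletin does not give.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: PBKDF2-HMAC-SHA256 stands in for the product's unspecified scheme.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def audit(records, default_password):
    """records: iterable of (system, account, salt, stored_hash).

    Returns (reused_salts, default_creds):
      reused_salts  - salt -> accounts sharing it (salt is not per-account)
      default_creds - accounts whose stored hash still matches the default password
    """
    by_salt = defaultdict(list)
    default_creds = []
    for system, account, salt, stored in records:
        by_salt[salt].append((system, account))
        candidate = hash_password(default_password, salt)
        if hmac.compare_digest(candidate, stored):
            default_creds.append((system, account))
    reused_salts = {s: who for s, who in by_salt.items() if len(who) > 1}
    return reused_salts, default_creds

# Constructed sample data; every value below is a placeholder.
DEFAULT_PW = "example-default-password"
SHARED_SALT = b"shared-install-salt"

def sample_records():
    fresh_salt = os.urandom(16)  # what a per-account random salt looks like
    return [
        # Two fresh installs: same salt, same default password, same hash.
        ("vco-a", "predefined", SHARED_SALT, hash_password(DEFAULT_PW, SHARED_SALT)),
        ("vco-b", "predefined", SHARED_SALT, hash_password(DEFAULT_PW, SHARED_SALT)),
        # A remediated system: password rotated and salt regenerated.
        ("vco-c", "predefined", fresh_salt, hash_password("rotated-Passphrase-1", fresh_salt)),
    ]

if __name__ == "__main__":
    reused, defaults = audit(sample_records(), DEFAULT_PW)
    for salt, who in reused.items():
        print("salt shared by:", who)
    for system, account in defaults:
        print(f"default password still set: {account}@{system}")
```

Any account reported by either check should have its password rotated, which also removes the hash value shared with other fresh installs.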


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.