Main Vulnerability Database Vulnerabilities #VU13955

Information disclosure in VMware Horizon - CVE-2018-6971

Published: July 23, 2018

Vulnerability identifier: #VU13955

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6971

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: VMware, Inc

Affected software:
VMware Horizon

Detailed vulnerability description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to the system logs authentication credentials in the 'vmmsi.log' log file when an account other than the current user account is specified during installation. A local attacker can view the passwords.

How to mitigate CVE-2018-6971

Update to version 7.5.1.

Sources

https://www.vmware.com/security/advisories/VMSA-2018-0018.html

Information disclosure in VMware Horizon - CVE-2018-6971

Detailed vulnerability description

How to mitigate CVE-2018-6971

Sources

Please verify you're human