VMware VirtualCenter SSL Session Man In The Middle Vulnerability
BID:21231
Info
| Bugtraq ID: | 21231 |
| Class: | Design Error |
| CVE: | CVE-2006-5990 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 24 2006 05:35PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | VMware VirtualCenter client 2.0.1, VMware VirtualCenter client 2.0, VMware VirtualCenter client 1.4, VMware VirtualCenter client 1.4.1 |
| Not Vulnerable: | VMware VirtualCenter client 2.0.1 Patch 1, VMware VirtualCenter client 1.4.1 Patch 1 |
Discussion
VirtualCenter client is prone to a man-in-the-middle vulnerability. This issue is due to a design error in the affected application.
An attacker may exploit this issue to gain access to sensitive contents of encrypted network traffic. Depending on the type of information that is disclosed, this issue may lead to other attacks as well.
VirtualCenter client 2 before 2.0.1 patch 1 and VirtualCenter client prior to 1.4.1 patch 1 are vulnerable to this issue.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released updates to address this issue. Please see the references for more information.
References
References:
- Enabling Server-Certificate Verification for Virtual Infrastructure Clients (VMware)
- VirtualCenter client Home Page (VMware)
- VMSA-2006-0010 - SSL sessions not authenticated by VC Clients (VMware Security team)