VMware VirtualCenter Client Vulnerability: SSL Session Management Flaw
CVE-2006-5990

Currently unrated

Key Information:

Vendor: Vmware
Status: Virtualcenter
Vendor: CVE Published:; 21 November 2006

Summary

The VMware VirtualCenter client has a vulnerability that arises from improper server certificate verification when creating SSL sessions. This flaw allows malicious remote servers to spoof valid servers, enabling potential man-in-the-middle attacks. This can compromise sensitive data by intercepting and altering communications between clients and servers. Users of affected versions should take immediate action to apply the recommended patches to mitigate this risk.

References

http://www.vupen.com/english/advisories/2006/4655

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1017270

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/452275/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Nov 21, 2006
Vulnerability Reserved
Nov 20, 2006