Information Disclosure Vulnerability in VMware VirtualCenter by VMware
CVE-2008-4278

Currently unrated

Key Information:

Vendor: Vmware
Status: Virtualcenter
Vendor: CVE Published:; 6 October 2008

What is CVE-2008-4278?

A vulnerability exists in VMware VirtualCenter 2.5 prior to Update 3 that allows local attackers to view user passwords in cleartext when special characters are included. This flaw poses a significant risk, as physically proximate users can easily exploit this weakness to retrieve sensitive credentials, compromising the security and integrity of the affected systems.

References

http://marc.info/?l=bugtraq&m=122331139823057&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/32179

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/2740

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2008
Vulnerability Reserved
Sep 26, 2008

Vmware

What is CVE-2008-4278?

References

Timeline