Password Retention Vulnerability in VMware VirtualCenter and ESXi Products
CVE-2009-0518

Currently unrated

Key Information:

Vendor: Vmware
Status: Vmware Esx; Vmware Virtualcenter; Vmware Esxi
Vendor: CVE Published:; 6 April 2009

Summary

Certain versions of VMware VirtualCenter, ESXi, and ESX improperly retain the VirtualCenter Server password in process memory. This weakness may enable local users to access sensitive credentials, leading to potential unauthorized operations within the affected virtual environments. Regular updates and security practices are vital to mitigate this risk.

References

http://seclists.org/fulldisclosure/2009/Apr/0036.html

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/34373

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Apr 6, 2009
Vulnerability Reserved
Feb 10, 2009