LDAP Authentication Bypass in VMware vCenter Server
CVE-2013-3107

Currently unrated

Key Information:

Vendor: Vmware
Status: Vcenter Server Appliance
Vendor: CVE Published:; 1 May 2013

Summary

VMware vCenter Server 5.1 prior to Update 1 is susceptible to an authentication bypass vulnerability due to the misuse of anonymous LDAP binding for Active Directory. This flaw allows remote attackers to gain unauthorized access by submitting a valid username with an empty password, thereby circumventing standard authentication mechanisms.

References

http://www.vmware.com/security/advisories/VMSA-2013-0006....

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 1, 2013