Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4278

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-4278
Last Modified 07 Mar 2011 10:12:12
Published 06 Oct 2008 03:54:36
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4278

Summary

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

Vulnerable Systems

Application

  • Vmware Virtualcenter 1.4.1

  • Vmware Virtualcenter 2.0.1

  • Vmware Virtualcenter 2.0.2

  • Vmware Virtualcenter 2.5


References

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0016.html

XF - vmware-virtualcenter-info-disclosure(45664)

VUPEN - ADV-2008-2740

SECTRACK - 1020992

BID - 31569

BUGTRAQ - 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

SECUNIA - 32180

SECUNIA - 32179

BUGTRAQ - 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and


Last Updated: 27 May 2016 10:48:26