vendor:
ESX Server
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: ESX Server
Affected Version From: 2.5.3 P2
Affected Version To: 2.5.2 P4
Patch Exists: Yes
Related CWE: CVE-2006-4456
CPE: a:vmware:esx_server
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2006
VMware ESX Information Disclosure Vulnerabilities
VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The first vulnerability could disclose the session ID, username, and password if an attacker can access session cookies used by the management interface. The second vulnerability could expose authentication credentials to local users on the computer hosting the VMWare ESX Server. This vulnerability occurs because authentication credentials are also handled insecurely by the VMWare ESX management interface.
Mitigation:
Ensure that authentication credentials are handled securely and that session cookies are not accessible to attackers.
