
T-692: VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords

August 12, 2011 - 3:47pm


PROBLEM:

A vulnerability was reported in VMware vFabric tc Server. A remote user can log in using an obfuscated version of their password.

PLATFORM:

Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01

ABSTRACT:

VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords.

REFERENCE LINKS:

SecurityTracker Alert ID: 1025923
VMware vFabric Download
CVE-2011-0527

IMPACT ASSESSMENT:

Medium

DISCUSSION:

If the system stores passwords used for JMX authentication in an obfuscated form, a remote user can use the password in obfuscated form (or in plain text form) to authenticate.

Version 2.5.x is not affected.
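
The behaviour described above, sketched as an added example (not VMware's code and not part of the original advisory): a JMX authenticator that accepts the stored, obfuscated string as a credential, next to one that only accepts the clear-text password. The `obf:` + Base64 scheme, the class name and the sample account are hypothetical and constructed for illustration; the real tc Server obfuscation format is not given on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;

public class JmxObfuscatedPasswordDemo {
    // Hypothetical reversible obfuscation ("obf:" + Base64); NOT the tc Server scheme.
    static String obfuscate(String clear) {
        return "obf:" + Base64.getEncoder().encodeToString(clear.getBytes(StandardCharsets.UTF_8));
    }
    static String deobfuscate(String stored) {
        if (!stored.startsWith("obf:")) return stored;   // entry was stored in clear text
        return new String(Base64.getDecoder().decode(stored.substring(4)), StandardCharsets.UTF_8);
    }
    static boolean same(String a, String b) {            // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Builds an authenticator over a constructed password store (user -> stored value).
    static JMXAuthenticator authenticator(Map<String, String> store, boolean flawed) {
        return credentials -> {
            String[] c = credentials instanceof String[] ? (String[]) credentials : new String[0];
            if (c.length != 2 || c[0] == null || c[1] == null) throw new SecurityException("bad credentials");
            String stored = store.get(c[0]);
            if (stored == null) throw new SecurityException("authentication failed");
            // Correct check: only the de-obfuscated (clear-text) password matches.
            boolean ok = same(c[1], deobfuscate(stored));
            // Flaw from the advisory: the stored obfuscated string itself is also accepted.
            if (flawed) ok = ok || same(c[1], stored);
            if (!ok) throw new SecurityException("authentication failed");
            return new Subject(true, Collections.singleton(new JMXPrincipal(c[0])),
                               Collections.emptySet(), Collections.emptySet());
        };
    }
    static boolean accepts(JMXAuthenticator a, String user, String password) {
        try { a.authenticate(new String[] {user, password}); return true; }
        catch (SecurityException e) { return false; }
    }
    public static void main(String[] args) {
        Map<String, String> store = Map.of("admin", obfuscate("s3cret-constructed"));
        for (boolean flawed : new boolean[] {true, false}) {
            JMXAuthenticator a = authenticator(store, flawed);
            System.out.printf("flawed=%b clear=%b obfuscated=%b%n", flawed,
                accepts(a, "admin", "s3cret-constructed"), accepts(a, "admin", store.get("admin")));
        }
    }
}
```

The practical consequence is that anyone who can read the stored value holds a working credential on affected versions, so the file containing it needs the same access restrictions as a clear-text password file.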

IMPACT:

A remote user can log in using an obfuscated version of their password.
VMware Technical Support

SOLUTION:

The vendor has issued a fix (2.0.6.RELEASE, 2.1.2.RELEASE), available from VMware Support & Downloads.
