PROBLEM:
A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password.
PLATFORM:
Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01
ABSTRACT:
VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords.
reference LINKS:
SecurityTracker Alert ID: 1025923
VMware VFabric Download
CVE-2011-0527
IMPACT ASSESSMENT:
Medium
Discussion:
If the system stores passwords used for JMX authentication in an obfuscated form, a remote user can use the password in obfuscated form (or in plain text form) to authenticate.
Version 2.5.x is not affected.
Impact:
A remote user can login using an obfuscated version of their password.
VMware Technical Support
Solution:
The vendor has issued a fix VMware Support & Downloads (2.0.6.RELEASE, 2.1.2.RELEASE).