Page 2 of 7 results (0.001 seconds)

CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password. VMware VirtualCenter 2.5 antes de la actualización 3 build 119838 sobre Windows muestra la contraseña de un usuario en texto sin formato cuando la contraseña contiene caracteres especiales no especificados, lo cual permite robar la contraseña a atacantes físicamente próximos. • http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://www.securityfocus.com/archive/1/497041/100/0/threaded http://www.securityfocus.com/bid/31569 http://www.securitytracker.com/id?1020992 http://www.vmware.com/security/advisories/VMSA-2008-0016.html http://www.vupen.com/english/advisories/2008/2740 https://exchange.xforce.ibmcloud.com/vulnerabilities/45664 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." VirtualCenter de VMware versión 2.5 anterior a Update 2 y versión 2.0.2 anterior a Update 5, se basa en la función "enabled/disabled functionality" para el control de acceso, lo que permite a los atacantes remotos determinar nombres de usuario comprobados mediante la habilitación de la funcionalidad en la GUI y luego haciendo un "attempt to assign permissions to other system users". • http://secunia.com/advisories/31468 http://securityreason.com/securityalert/4150 http://www.insomniasec.com/advisories/ISVA-080812.1.htm http://www.securityfocus.com/archive/1/495386/100/0/threaded http://www.securityfocus.com/bid/30664 http://www.securitytracker.com/id?1020693 http://www.vmware.com/security/advisories/VMSA-2008-0012.html http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html http://www.vupen.com/english/advisories/2008/2363 https://exchange.xforce.ibmclou • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •