icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

VMWare Server Plaintext Authorization

Medium

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host is running VMWare server, an application that allows users to run multiple operating systems virtually. Futher, this instance of VMWare is a server application that allows remote administrator access to the VMWare console. This version of VMWare Server allows authentication without SSL. Sending credentials in plaintext allows passive attackers to either execute man-in-the-middle attacks or sniff the credentials while in transit.

Solution

Newer versions of the VMware Authentication daemon can be configured to only accept authentication over SSL.