VMware vCenter 5.5 LDAP Certificate Validation MitM Spoofing (VMSA-2015-0006)
Medium Nessus Plugin ID 86124
Synopsis
The remote host has a virtualization management application installed that is affected by a man-in-the-middle spoofing vulnerability.

Description
The VMware vCenter Server installed on the remote host is version 5.5 prior to 5.5u3. It is, therefore, affected by a man-in-the-middle spoofing vulnerability due to improper validation of X.509 certificates from TLS LDAP servers. A remote, man-in-the-middle attacker can exploit this to intercept network traffic by spoofing a TLS server via a crafted certificate, resulting in the manipulation or disclosure of sensitive information.

Solution
Upgrade to VMware vCenter Server 5.5u3 (5.5.0 build-3000241) or later.