VMware vCenter 6.0 LDAP Certificate Validation MitM Spoofing (VMSA-2015-0006)
Medium Nessus Plugin ID 86125
Synopsis
The remote host has a virtualization management application installed that is affected by a man-in-the-middle spoofing vulnerability.
Description
The VMware vCenter Server installed on the remote host is version 6.0 prior to 6.0u1. It is, therefore, affected by a man-in-the-middle spoofing vulnerability due to improper validation of X.509 certificates from TLS LDAP servers. A remote, man-in-the-middle attacker can exploit this to intercept network traffic by spoofing a TLS server via a crafted certificate, resulting in the manipulation or disclosure of sensitive information.
Solution
Upgrade to VMware vCenter Server 6.0u1 (6.0.0 build-3018521) or later.