VMware vSphere Data Protection Private SSH Key Authentication Bypass (VMSA-2016-0024)
Critical Nessus Plugin ID 96338
SynopsisA virtualization appliance installed on the remote host is affected by an authentication bypass vulnerability.
DescriptionThe version of VMware vSphere Data Protection installed on the remote host is 5.5.x / 5.8.x / 6.0.x / 6.1.x. It is, therefore, affected by an authentication bypass vulnerability due to the use of an SSH private key that has a known password and which is configured to allow key-based authentication. A remote attacker can exploit this to gain root login access via an SSH session.
SolutionApply the appropriate patch according to the vendor advisory.