VMWare Server Plaintext Authorization

Medium Nessus Network Monitor Plugin ID 4288


The remote host passes information across the network in an insecure manner.


The remote host is running VMware Server, an application that allows users to run multiple operating systems virtually. Further, this instance of VMware is a server application that allows remote administrative access to the VMware console.
This version of VMware Server allows authentication without SSL. Sending credentials in plaintext allows an attacker to sniff them passively while in transit or to capture them through a man-in-the-middle attack.


Newer versions of the VMware Authentication daemon can be configured to only accept authentication over SSL.

Plugin Details

Severity: Medium

ID: 4288

File Name: 4288.prm

Family: Generic

Published: 2007/11/19

Modified: 2016/01/15

Risk Information

Risk Factor: Medium