VMWare Server Plaintext Authorization
Medium Nessus Network Monitor Plugin ID 4288
SynopsisThe remote host passes information across the network in an insecure manner.
DescriptionThe remote host is running VMWare server, an application that allows users to run multiple operating systems virtually. Futher, this instance of VMWare is a server application that allows remote administrator access to the VMWare console.
This version of VMWare Server allows authentication without SSL. Sending credentials in plaintext allows passive attackers to either execute man-in-the-middle attacks or sniff the credentials while in transit.
SolutionNewer versions of the VMware Authentication daemon can be configured to only accept authentication over SSL.