Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

VMWare Server Plaintext Authorization



The remote host passes information across the network in an insecure manner.


The remote host is running VMWare server, an application that allows users to run multiple operating systems virtually. Futher, this instance of VMWare is a server application that allows remote administrator access to the VMWare console. This version of VMWare Server allows authentication without SSL. Sending credentials in plaintext allows passive attackers to either execute man-in-the-middle attacks or sniff the credentials while in transit.


Newer versions of the VMware Authentication daemon can be configured to only accept authentication over SSL.