VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities

EDB-ID:

28312




Platform:

Multiple

Date:

2006-07-31


source: https://www.securityfocus.com/bid/19249/info

VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The following issues were reported:

1. An information disclosure vulnerability that could disclose the session ID, username, and password if an attacker can access session cookies used by the management interface.

2. An information disclosure vulnerability that could expose authentication credentials to local users on the computer hosting the VMWare ESX Server. This vulnerability occurs because authentication credentials are also handled insecurely by the VMWare ESX management interface.

VMware ESX server versions 2.5.3 P2, 2.1.3 P1, 2.0.2, 2.0.2 P1, and 2.5.2 P4 are reported to be vulnerable; other versions may also be affected.

https://www.example.com/sx-users?op=setUsr&ag=&rg=&nm=root&hd=%2Froot&pw=test&pwc=test&grpSlct=