VMWare VirtualCenter client 2.x prior to 2.0.1 Patch 1 (Build 33643) and 1.4.x prior to 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware virtualcenter 1.4.1 |
||
vmware virtualcenter 2.0.1 |