Description
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
Affected products
- VMware / vCenter Server4.1 – 4.1
References
- MISChttp://osvdb.org/70859
- VENDOR_ADVISORYhttp://secunia.com/advisories/43307
- VENDOR_ADVISORYhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html
- MISChttp://securityreason.com/securityalert/8079
- MISChttp://www.securityfocus.com/archive/1/516397/100/0/threaded