Vulnerability Description
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Virtual Infrastructure Client | All versions |
| Vmware | Virtualcenter | <= 2.5 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180Vendor Advisory
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/31569
- http://www.securitytracker.com/id?1020992
- http://www.vmware.com/security/advisories/VMSA-2008-0016.htmlPatch
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45664
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180Vendor Advisory
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/31569
- http://www.securitytracker.com/id?1020992
FAQ
What is CVE-2008-4278?
CVE-2008-4278 is a vulnerability with a CVSS score of 2.1 (LOW). VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate at...
How severe is CVE-2008-4278?
CVE-2008-4278 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4278?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Virtual Infrastructure Client, Vmware Virtualcenter, Microsoft Windows.