A short note for users of VMware vCenter versions before 6.5u1: if you are running an older version, you should update to 6.5u1, because older versions contain a vulnerability that allows files to be read without authentication.
It's a somewhat crude issue that was brought to my attention via Twitter. There is an Unauthenticated Arbitrary File Read vulnerability in VMware vCenter prior to 6.5u1, but no CVE has been assigned.
Using the password hints in the above tweet, an attacker can gain read access to files. The tweet is quite recent, but I checked the web. This reddit.com post is two months old and probably describes exactly the same issue published by @ptswarm on Twitter in October 2020. The vulnerability was fixed with the update to 6.5u1.