Small note for users of VMware vCenter before version 6.5u1. If you are using older versions, you should update to 6.5u1. This is because there is a vulnerability that allows files to be read without authentication.
It's a somewhat crude issue that was brought to my attention via Twitter. There is an Unauthenticated Arbitrary File Read vulnerability in VMware vCenter prior to 6.5u1, but no CVE has been assigned.
Using the password hints in the above tweet, an attacker can gain read access to files. The tweet is quite recent, but I checked the web. This reddit.com post is two months as and probably describes exactly the same issue published by @ptswarm on Twitter in October 2020. The vulnerability was fixed with the update to 6.5u1.
Cookies helps to fund this blog: Cookie settings