
VMware addresses vulnerability in vCenter Server

VMware has released updates that address an LDAP certificate validation vulnerability (CVE-2015-6932) in vCenter Server.

According to a Wednesday advisory, VMware vCenter Server 6.0 and VMware vCenter Server 5.5 running on any system should be replaced with version 6.0 update 1 and version 5.5 update 3, respectively. Versions 5.1 and 5.0 are not affected.

“VMware vCenter Server does not validate the certificate when binding to an LDAP server using TLS,” the advisory said. “Exploitation of this vulnerability may allow an attacker that is able to intercept traffic between vCenter Server and the LDAP server to capture sensitive information.”

A Wednesday SecurityTracker post explained that network traffic can be intercepted by a remote user who successfully executes a man-in-the-middle attack between the LDAP server and the target system.
