CVE-2008-4278

VMware VirtualCenter < 2.5 Update 3 - Cleartext Password Exposure via Special Characters

Title source: llm

Description

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

References (9)

Core 9

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=122331139823057&w=2

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32180

Patch x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45664

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497041/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32179

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2740

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020992

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31569

Scores

EPSS 0.0006

EPSS Percentile 18.9%

Details

CWE

CWE-200

Status published

Products (5)

vmware/virtualcenter 1.4.1

vmware/virtualcenter 2.0.1

vmware/virtualcenter 2.0.2 (4 CPE variants)

vmware/virtualcenter 2.5 (2 CPE variants)

vmware/virtualcenter < 2.5

Published Oct 06, 2008

Tracked Since Feb 18, 2026