CVE-2013-3107

VMware vCenter Server <5.1 - Auth Bypass

Title source: llm

Description

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.

References (1)

[Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2013-0006.html

Scores

EPSS 0.0029

EPSS Percentile 51.8%

Classification

CWE

CWE-264

Status draft

Affected Products (1)

vmware/vcenter_server_appliance

Timeline

Published May 01, 2013

Tracked Since Feb 18, 2026