VMware ESX Server Multiple Vulnerabilities
Thursday, 03 August 2006 by Michel Roth
Corsaire has reported some vulnerabilities in VMware ESX Server, which can be exploited to gain knowledge of potentially sensitive information or conduct cross-site request forgery attacks.

1) When changing passwords using the management interface, the GET request containing the password in clear text is logged to a world-readable file.

2) The management interface uses a proprietary session ID format containing authentication credentials encoded in base64. If malicious people get hold of the session cookies, it's possible to gain knowledge of the user account and password.

3) The management interface allows users to perform certain actions via HTTP GET requests without performing any validity checks to verify the user's request. This can be exploited to change a user's password when the user visits a malicious web site while logged in.
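An audit sketch for issues 1 and 2, added here as an example and not taken from Corsaire, Secunia or VMware: it flags logged GET requests that carry password-like query parameters, tests a file mode for world-readability, and reports session-cookie parts that base64-decode to readable text. The parameter-name pattern, log format, paths and cookie layout are assumptions, and the sample data is constructed.

```python
import base64, os, re, stat
from urllib.parse import parse_qsl, urlsplit

# Assumed name pattern; the advisory does not name the real parameters.
SENSITIVE = re.compile(r"pass|pwd", re.I)
REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+"')

# Constructed sample data (not taken from a real ESX host).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Aug/2006:10:00:00 +0000] "GET /example/chpass?user=alice&newpass=S3cret HTTP/1.1" 200 512',
    '192.0.2.10 - - [03/Aug/2006:10:00:05 +0000] "GET /example/status HTTP/1.1" 200 128',
    '192.0.2.10 - - [03/Aug/2006:10:00:09 +0000] "POST /example/chpass HTTP/1.1" 200 64',
]
SAMPLE_COOKIE = "sess-" + base64.b64encode(b"alice:S3cret").decode() + "-1154599200"

def secrets_in_log(lines):
    """Return (line_no, param) for each GET whose query string has a password-like parameter."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m or m.group(1) != "GET":
            continue
        for name, value in parse_qsl(urlsplit(m.group(2)).query):
            if value and SENSITIVE.search(name):
                hits.append((no, name))  # report the name only, never the secret
    return hits

def world_readable(mode):
    """True if the 'other' read bit is set in a file mode (e.g. os.stat(path).st_mode)."""
    return bool(mode & stat.S_IROTH)

def audit_log(path):
    """Combine both checks for one log file on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return {"world_readable": world_readable(os.stat(path).st_mode),
                "secrets": secrets_in_log(fh)}

def decodable_cookie_parts(cookie_value):
    """Return readable strings recovered by base64-decoding parts of a cookie value."""
    found = []
    for part in re.split(r"[^A-Za-z0-9+/=]+", cookie_value):
        if len(part) < 8 or len(part) % 4:
            continue  # too short or not a whole number of base64 quanta
        try:
            text = base64.b64decode(part, validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if text.isprintable():
            found.append(text)
    return found
```

Any non-empty result from `decodable_cookie_parts` on a session cookie means the token is reversible encoding rather than an opaque random identifier.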

Read the Secunia Advisory.
