1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VMware plugs critical information-leaking hole

Discussion in 'Help Net Security' started by RSS, Apr 15, 2016.

  1. RSS

    RSS New Member Member

    VMware has plugged a critical security issue in the VMware Client Integration Plugin, which could allow for a Man in the Middle attack or web session hijacking in case the user of the vSphere Web Client visits a malicious website. The vulnerability (CVE-2016-2076) is due to incorrect session handling, and could lead to disclosure of sensitive information. The buggy plugin is found in vCenter Server 6.0 (any 6.0 version prior to 6.0 U2), vCenter Server … More →

    Continue reading...

Share This Page