Computer Security
[EN] securityvulns.ru no-pyccku


VMware vSphere Data Protection certificate validation bypass
Published:02.02.2015
Source:
SecurityVulns ID:14246
Type:m-i-t-m
Threat Level:
5/10
Description:Insufficient server certificate validation.
Affected:VMWARE : vSphere Data Protection 5.8
CVE:CVE-2014-4632 (VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.)
Original documentdocumentVMWARE, NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability (02.02.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod