CVE-2008-4278

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.

Published: Oct 6, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4278
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
vmware / virtualcenter	-	2.5.x
vmware / virtualcenter	1.4.1	1.4.1.x
vmware / virtualcenter	2.0.1	2.0.1.x
vmware / virtualcenter	2.0.2	2.0.2.x
vmware / virtualcenter	2.0.2-update_4	2.0.2-update_4.x
vmware / virtualcenter	2.0.2-update_2	2.0.2-update_2.x
vmware / virtualcenter	2.0.2-update_3	2.0.2-update_3.x
vmware / virtualcenter	2.5-update_1	2.5-update_1.x
vmware / virtualcenter	2.5	2.5.x

http://marc.info/?l=bugtraq&m=122331139823057&w=2
http://secunia.com/advisories/32179
http://secunia.com/advisories/32180
http://www.securityfocus.com/archive/1/497041/100/0/threaded
http://www.securityfocus.com/bid/31569
http://www.securitytracker.com/id?1020992
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
http://www.vupen.com/english/advisories/2008/2740
https://exchange.xforce.ibmcloud.com/vulnerabilities/45664

Vulnerability Database

289,697

CVE-2008-4278