Vulnerability Details CVE-2008-4278
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.4%
CVSS Severity
CVSS v2 Score 2.1
References
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/31569
- http://www.securitytracker.com/id?1020992
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45664
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/31569
- http://www.securitytracker.com/id?1020992
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45664
Products affected by CVE-2008-4278
-
cpe:2.3:a:vmware:virtual_infrastructure_client:-
-
cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2.50618
-
cpe:2.3:a:vmware:virtual_infrastructure_client:2.0.2.62345
-
cpe:2.3:a:vmware:virtualcenter:*
-
cpe:2.3:a:vmware:virtualcenter:1.4.1
-
cpe:2.3:a:vmware:virtualcenter:2.0
-
cpe:2.3:a:vmware:virtualcenter:2.0.1
-
cpe:2.3:a:vmware:virtualcenter:2.0.2
-
cpe:2.3:a:vmware:virtualcenter:2.5
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista