VMware LDAP vulnerability is fixed

Affected versions are VMware vCenter Server prior to version 6.0 update 1 and VMware vCenter Server prior to version 5.5 update 3. The problem is that VMware vCenter Server does not validate the certificate when binding to an LDAP server using TLS. Exploitation of this vulnerability may allow an attacker that is able to intercept traffic between vCenter Server and the LDAP server to capture sensitive information.

VMware Security Advisory is available here – http://www.vmware.com/security/advisories/VMSA-2015-0006.html

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top