• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

VMware Information Disclosure Vulnerability

VMware is prone to an information-disclosure vulnerability because the software sets insecure permissions on SSL key and certificate files.

If an attacker can gain access to SSL key files used to encrypt remote administrative connections, they can decrypt this traffic.

VMware Player for Linux, VMware Workstation for Linux, VMware Server for Linux, and VMware Infrastructure 3 are reported vulnerable.