SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware Horizon Vendors:   VMware
VMware Horizon View Agent Logging Error Lets Local Users View Passwords
SecurityTracker Alert ID:  1041358
SecurityTracker URL:  http://securitytracker.com/id/1041358
CVE Reference:   CVE-2018-6971   (Links to External Site)
Date:  Jul 20 2018
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): View Agent 7.x.x
Description:   A vulnerability was reported in VMware Horizon View Agent. A local user can obtain passwords on the target system.

When an account other than the current user account is specified during installation, the system logs authentication credentials in the 'vmmsi.log' log file. A local user can view the passwords.

Impact:   A local user can obtain passwords on the target system.
Solution:   VMware has issued a fix (View Agent 7.5.1).

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2018-0018.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2018-0018.html (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC