VMWare Server Plaintext Authorization

medium Nessus Network Monitor Plugin ID 4288

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host is running VMWare server, an application that allows users to run multiple operating systems virtually. Futher, this instance of VMWare is a server application that allows remote administrator access to the VMWare console.
This version of VMWare Server allows authentication without SSL. Sending credentials in plaintext allows passive attackers to either execute man-in-the-middle attacks or sniff the credentials while in transit.

Solution

Newer versions of the VMware Authentication daemon can be configured to only accept authentication over SSL.

Plugin Details

Severity: Medium

ID: 4288

Family: Generic

Published: 11/19/2007

Updated: 1/15/2016

Detections

Analytics