|
|
CVE Reference: CVE-2008-3514 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3514 |
|
|
Description: VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users." |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/44425 ST 1020693 SREASON http://securityreason.com/securityalert/4150 SAID Secunia Advisory: SA31468 MISC http://www.insomniasec.com/advisories/ISVA-080812.1.htm CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0012.html http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/495386/100/0/threaded BID 30664 |
|
| Return to the previous page. |
