VMware fixed a critical vulnerability in one of its products this week that if exploited by an attacker, could’ve led to a man-in-the-middle attack.
According to an advisory, the problem existed in VMware’s Client Integration plugin, a collection of tools present in a handful of other products the company ships, including some versions of its vCenter Server, vCloud Director, and vRealize Automation Identity Appliance.
The plugin helps users access a virtual machine’s console and is used in tandem with vSphere, VMware’s web client.
The main issue is that the plugin failed to handle session content in a safe way, something that could have let an attacker carryout a man-in-the-middle (MiTM) attack or web session hijacking, assuming they got a victim to navigate to a malicious website.
To address the issue, users will have to not only update the software the plugin is present in, but also the plugin itself.
Only some versions of the software are vulnerable – vCenter Server 6.0, prior to 6.0 U2, vCenter Server 5.5 U3a, U3b, and U3c, vCloud Director 5.5.5, and Automation Identify Appliance 6.2.4.
VMware patched an important vulnerability, a cross-site scripting issue in vRealize last month, but this marks the first vulnerability since February’s troublesome glibc issue to be considered critical by the company.
