CVE-2019-5532

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions 6.7.x prior to 6.7 U3 VMware vCenter Server version 6.5 prior to 6.5 U3 VMware vCenter Server version 6.0 prior to 6.0 U3j

Description The issue is related to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF, typically the root account of the virtual machine. This is due to insufficient protection of registration data, which can allow a remote attacker to gain access to user credentials.

Recommendations For versions 6.7.x prior to 6.7 U3, update to version 6.7 U3 or later to resolve the issue. For version 6.5 prior to 6.5 U3, update to version 6.5 U3 or later to resolve the issue. For version 6.0 prior to 6.0 U3j, update to version 6.0 U3j or later to resolve the issue. As a temporary workaround, consider restricting access to the log files containing vCenter OVF-properties to minimize the risk of exploitation.