Vulnerabilities > CVE-2006-2481 - Credentials Management vulnerability in VMWare ESX
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 7 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | VMware ESX 2.x Multiple Information Disclosure Vulnerabilities. CVE-2006-2481. Remote exploits for multiple platform |
| id | EDB-ID:28312 |
| last seen | 2016-02-03 |
| modified | 2006-07-31 |
| published | 2006-07-31 |
| reporter | Stephen de Vries |
| source | https://www.exploit-db.com/download/28312/ |
| title | VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities |
References
- http://kb.vmware.com/kb/2118366
- http://secunia.com/advisories/21230
- http://www.corsaire.com/advisories/c060512-001.txt
- http://www.securityfocus.com/archive/1/441728/100/100/threaded
- http://www.securityfocus.com/archive/1/441825/100/100/threaded
- http://www.securityfocus.com/bid/19249
- http://www.vupen.com/english/advisories/2006/3075