The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
Weakness
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vcenter_server | Vmware | 6.5 (including) | 6.5 (including) |
| Vcenter_server | Vmware | 6.5-a (including) | 6.5-a (including) |
| Vcenter_server | Vmware | 6.5-b (including) | 6.5-b (including) |
| Vcenter_server | Vmware | 6.5-c (including) | 6.5-c (including) |
| Vcenter_server | Vmware | 6.5-d (including) | 6.5-d (including) |
| Vcenter_server | Vmware | 6.5-update1 (including) | 6.5-update1 (including) |
| Vcenter_server | Vmware | 6.5-update1b (including) | 6.5-update1b (including) |
| Vcenter_server | Vmware | 6.5-update1d (including) | 6.5-update1d (including) |
| Vcenter_server | Vmware | 6.5-update1e (including) | 6.5-update1e (including) |
| Vcenter_server | Vmware | 6.5-update1g (including) | 6.5-update1g (including) |
| Vcenter_server | Vmware | 6.5-update2 (including) | 6.5-update2 (including) |
| Vcenter_server | Vmware | 6.5-update2b (including) | 6.5-update2b (including) |
| Vcenter_server | Vmware | 6.5-update2c (including) | 6.5-update2c (including) |
| Vcenter_server | Vmware | 6.5-update2d (including) | 6.5-update2d (including) |
| Vcenter_server | Vmware | 6.5-update2g (including) | 6.5-update2g (including) |
| Vcenter_server | Vmware | 6.5-update3 (including) | 6.5-update3 (including) |
| Vcenter_server | Vmware | 6.5-update3d (including) | 6.5-update3d (including) |
| Vcenter_server | Vmware | 6.5-update3f (including) | 6.5-update3f (including) |
| Vcenter_server | Vmware | 6.5-update3k (including) | 6.5-update3k (including) |
| Vcenter_server | Vmware | 6.5-update3n (including) | 6.5-update3n (including) |
| Vcenter_server | Vmware | 6.5-update3p (including) | 6.5-update3p (including) |
| Vcenter_server | Vmware | 6.5-update3q (including) | 6.5-update3q (including) |
| Vcenter_server | Vmware | 6.5-update3r (including) | 6.5-update3r (including) |
| Vcenter_server | Vmware | 6.5-update3s (including) | 6.5-update3s (including) |
| Vcenter_server | Vmware | 6.5-update3t (including) | 6.5-update3t (including) |
| Vcenter_server | Vmware | 6.7 (including) | 6.7 (including) |
| Vcenter_server | Vmware | 6.7-a (including) | 6.7-a (including) |
| Vcenter_server | Vmware | 6.7-b (including) | 6.7-b (including) |
| Vcenter_server | Vmware | 6.7-c (including) | 6.7-c (including) |
| Vcenter_server | Vmware | 6.7-d (including) | 6.7-d (including) |
| Vcenter_server | Vmware | 6.7-update1 (including) | 6.7-update1 (including) |
| Vcenter_server | Vmware | 6.7-update1b (including) | 6.7-update1b (including) |
| Vcenter_server | Vmware | 6.7-update2 (including) | 6.7-update2 (including) |
| Vcenter_server | Vmware | 6.7-update2a (including) | 6.7-update2a (including) |
| Vcenter_server | Vmware | 6.7-update2c (including) | 6.7-update2c (including) |
| Vcenter_server | Vmware | 6.7-update3 (including) | 6.7-update3 (including) |
| Vcenter_server | Vmware | 6.7-update3a (including) | 6.7-update3a (including) |
| Vcenter_server | Vmware | 6.7-update3b (including) | 6.7-update3b (including) |
| Vcenter_server | Vmware | 6.7-update3f (including) | 6.7-update3f (including) |
| Vcenter_server | Vmware | 6.7-update3g (including) | 6.7-update3g (including) |
| Vcenter_server | Vmware | 6.7-update3j (including) | 6.7-update3j (including) |
| Vcenter_server | Vmware | 6.7-update3l (including) | 6.7-update3l (including) |
| Vcenter_server | Vmware | 6.7-update3m (including) | 6.7-update3m (including) |
| Vcenter_server | Vmware | 6.7-update3n (including) | 6.7-update3n (including) |
| Vcenter_server | Vmware | 6.7-update3o (including) | 6.7-update3o (including) |
| Vcenter_server | Vmware | 6.7-update3p (including) | 6.7-update3p (including) |
| Vcenter_server | Vmware | 6.7-update3q (including) | 6.7-update3q (including) |
| Vcenter_server | Vmware | 6.7-update3r (including) | 6.7-update3r (including) |
| Vcenter_server | Vmware | 7.0 (including) | 7.0 (including) |
| Vcenter_server | Vmware | 7.0-a (including) | 7.0-a (including) |
| Vcenter_server | Vmware | 7.0-b (including) | 7.0-b (including) |
| Vcenter_server | Vmware | 7.0-c (including) | 7.0-c (including) |
| Vcenter_server | Vmware | 7.0-d (including) | 7.0-d (including) |
| Vcenter_server | Vmware | 7.0-update1 (including) | 7.0-update1 (including) |
| Vcenter_server | Vmware | 7.0-update1a (including) | 7.0-update1a (including) |
| Vcenter_server | Vmware | 7.0-update1c (including) | 7.0-update1c (including) |
| Vcenter_server | Vmware | 7.0-update2 (including) | 7.0-update2 (including) |
| Vcenter_server | Vmware | 7.0-update2a (including) | 7.0-update2a (including) |
| Vcenter_server | Vmware | 7.0-update2b (including) | 7.0-update2b (including) |
| Vcenter_server | Vmware | 7.0-update2c (including) | 7.0-update2c (including) |
| Vcenter_server | Vmware | 7.0-update2d (including) | 7.0-update2d (including) |
| Vcenter_server | Vmware | 7.0-update3 (including) | 7.0-update3 (including) |
| Vcenter_server | Vmware | 7.0-update3a (including) | 7.0-update3a (including) |
| Vcenter_server | Vmware | 7.0-update3c (including) | 7.0-update3c (including) |
| Vcenter_server | Vmware | 7.0-update3d (including) | 7.0-update3d (including) |
| Vcenter_server | Vmware | 7.0-update3e (including) | 7.0-update3e (including) |
| Vcenter_server | Vmware | 7.0-update3f (including) | 7.0-update3f (including) |
| Vcenter_server | Vmware | 7.0-update3g (including) | 7.0-update3g (including) |
| Vcenter_server | Vmware | 7.0-update3h (including) | 7.0-update3h (including) |