Sensitive Information Disclosure in VMware vCenter Orchestrator Web Configuration Tool

Sensitive Information Disclosure in VMware vCenter Orchestrator Web Configuration Tool

CVE-2012-1513 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.

Learn more about our Web App Pen Testing.