Critical Vuln in vCenter vmdir (CVE-2020-3952), (Fri, Apr 10th)

On April 9, VMware published VMSA-2020-0006, a security advisory for a critical vulnerability in vCenter Server that received the maximum CVSSv3 score of 10.0.  The vulnerablity, %%cve:2020-3952%% , involves a sensitive information disclosure flaw in the VMware Directory Service (vmdir) which is included with VMware vCenter. Per the advisory, vmdir does not implement proper access controls, which could allow a malicious attacker with network access to obtain sensitive information.  This likely can allow the attacker to compromise other services which rely on vmdir for authentication.

Article Link: