Critical Vuln in vCenter vmdir (CVE-2020-3952), (Fri, Apr 10th)

On April 9, VMware published VMSA-2020-0006, a security advisory for a critical vulnerability in vCenter Server that received the maximum CVSSv3 score of 10.0. The vulnerability, CVE-2020-3952, is a sensitive information disclosure flaw in the VMware Directory Service (vmdir), which is included with VMware vCenter. Per the advisory, vmdir does not implement proper access controls, which could allow a malicious attacker with network access to obtain sensitive information. This can likely allow the attacker to compromise other services that rely on vmdir for authentication.

Article Link: https://isc.sans.edu/diary/rss/26006