CVE-2012-1513 Information

Description

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4 4.1 before Update 2 and 4.2 before Update 1 places the vCenter Server password in an HTML document which allows remote authenticated administrators to obtain sensitive information by reading this document.

Reference

http://osvdb.org/80120 http://secunia.com/advisories/48408 http://www.securityfocus.com/bid/52525 http://www.securitytracker.com/id?1026816 http://www.vmware.com/security/advisories/VMSA-2012-0005.html https://exchange.xforce.ibmcloud.com/vulnerabilities/74091