Critical VMware Bug Opens Up Corporate Treasure to Hackers
A new bug classified as level 10 in severity has been discovered in VMware’s Directory Service (vmdir) that could compromise entire corporate virtual infrastructures if exploited. Vmdir is part of the company’s Center Server product, which essentially provides centralized management of virtualized hosts and VMs from one console. A single sign-on (SSO) mechanism governs the workloads, simplifying things for administrators.
However, this component may end up hurting the administrator in the case of a cyberattack as it allows for one authentication mechanism that works across the entire management console rather than individual and separate credentials for each host or VM. The flaw, CVE-2020-3952, was disclosed and patched on Thursday.