vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue

2016-12-20T00:00:00
ID VMSA-2016-0024
Type vmware
Reporter VMware
Modified 2017-06-06T00:00:00

Description

VDP SSH key-based authentication issue

VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges.

VMware would like to thank Marc Ströbel aka phroxvs from HvS-Consulting for reporting this issue to VMware.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7456 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.