Security: VMware VirtualCenter Client SSL Verification Security Issue

VMware released a new security advice about VirtualCenter:

The security issue is caused due to the x.509 certificate presented by a server at the beginning of an SSL session is not verified.
This can be exploited to spoof valid servers via a man-in-the-middle attack.

The security issue is reported in the following versions:

  • VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643)
  • VMware VirtualCenter client 1.4.x before 1.4.1 Patch 1 (Build 33425)

Download the VirtualCenter 2.0.1 Patch 1 here and VirtualCenter 1.4.1 Patch 1 here.