VMware has released a new security advisory about VirtualCenter:
The security issue is caused by the X.509 certificate presented by a server at the beginning of an SSL session not being verified.
This can be exploited to spoof valid servers via a man-in-the-middle attack.
The security issue is reported in the following versions:
- VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643)
- VMware VirtualCenter client 1.4.x before 1.4.1 Patch 1 (Build 33425)
Download the VirtualCenter 2.0.1 Patch 1 here and VirtualCenter 1.4.1 Patch 1 here.
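
The missing check described above, shown as an added Python example (not VMware's code; all function names are hypothetical). It contrasts a client TLS context that accepts any certificate with one that validates the chain and the server name, and includes an audit helper that reports which check a given `ssl.SSLContext` skips.

```python
import ssl


def unverified_client_context():
    """Flawed behaviour: the handshake succeeds with any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first; Python refuses CERT_NONE otherwise.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_client_context():
    """Half a fix: the chain is validated, but any trusted certificate
    is accepted regardless of the name it was issued for."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_default_certs()
    return ctx


def verified_client_context(cafile=None):
    """Corrected behaviour: chain validation and name matching both enforced.
    cafile is an optional CA bundle (assumption: e.g. an internal CA)."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def audit_client_context(ctx):
    """Return the server-authentication checks this context does not perform."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the server name")
    return findings


if __name__ == "__main__":
    for build in (unverified_client_context,
                  chain_only_client_context,
                  verified_client_context):
        print(build.__name__, "->", audit_client_context(build()) or "ok")
```
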