The flaw in VMware’s vCenter software, which was discovered during a test carried out as part of a security engagement with a client, meant anyone could gain the highest level of access to the server, a privilege normally reserved for authorised personnel.
7 Elements said the discovery highlighted the importance of security testing within companies to make sure they are protected against malicious users.
Chief executive David Stubley said: “We take responsible disclosure of new vulnerabilities seriously and have worked with VMware since February this year to ensure that fixes are available before public release of this issue.”
Doug McLeod, senior security consultant, added: “This could affect a large number of organisations and we strongly recommend anyone running vCenter to ensure that they have either the latest version from VMware running or apply the relevant security patch.”
In response to the discovery of VMware’s security risk, the California-based company said: “VMware would like to thank Doug McLeod of 7 Elements Ltd and an anonymous researcher working through HP’s Zero Day Initiative for highlighting the vulnerability.”