Beware VMware users! Hackers Could Hijack Your Web Session!

Are you a VMware player and VMware Workstation user? If yes, then update it as soon as possible. A major vulnerability has been found by some security researchers in Client Integration Plugin of VMware. This security issue was allowing hackers to hijack the web session of VMware users. MITM attack was also possible due to this vulnerability. This vulnerability has been registered by the security researchers under CVE-2016-2076.

According to a report of VMware advisory,” It is possible to hijack web sessions of the VMware users, due to a major security issue of its Client Integration Plugin. Man in the Middle attack is also possible due to this security flaw. All this could happen because its plugin is not handling content of web session in a safe way. Hackers could exploit this vulnerability by tricking the VMware to visit a third party website, which has malicious links.”

Most Infected Plugins

If you are using “vCloud Director 5.5.5”, “ vCenter Server 6.0”, “vRealize Automation Identity Appliance 6.2.4” and “vCenter Server 6.0”, then please update your plugins to keep your systems and data secure from the hackers. This vulnerability is allowing hackers to infect data from both client side and Server side, therefore there is need to update it as soon as possible.

An updated version of Client Integration for vCloud Director, vCenter Server and vRealize is available on its official websites. Every outdated software and Plugin is a malware, so update your plugins immediately.