News from VMware vSphere Data Protection
VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance. VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines.
Lucian Constantin published an article regarding VMware vSphere data protection the last days. He also explained that the company fixed a stored cross-site scripting flaw in ESXi.
Read his complete article here.
According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.
Read the entire article here, News from VMware vSphere Data Protection
via the fine folks at opvizor.