Insufficiently Protected Credentials

CVE-2022-22983

Medium

5.9/10

Summary

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory Timeline

Published Aug 10, 2022

Insufficiently Protected Credentials

CVE-2022-22983

Summary

CWE-522 - Insufficiently Protected Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS