Hi All,
As stated in the advisory "VMware vCenter Server does not validate the certificate when binding to an LDAP server using TLS. Exploitation of this vulnerability may allow an attacker that is able to intercept traffic between vCenter Server and the LDAP server to capture sensitive information."
Am I correct in assuming that the only way an attacker could exploit this is through a man in the middle attack between the vCenter server and the LDAP server during a Single Sign on authentication attempt?
Thanks in Advance for any responses