NEW VMSA-2016-0024 vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue

VMware Security Advisory

Advisory ID: VMSA-2016-0024

Severity:    Critical

Synopsis:    vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue

Issue date:  2016-12-20

Updated on:  2016-12-20 (Initial Advisory)

CVE number:  CVE-2016-7456


  1. Summary


vSphere Data Protection (VDP) updates address SSH key-based
authentication issue


  2. Relevant Products


vSphere Data Protection (VDP)


  3. Problem Description


  a. VDP SSH key-based authentication issue


VDP contains a private SSH key with a known password that is configured
to allow key-based authentication. Exploitation of this issue may allow
an unauthorized remote attacker to log into the appliance with root



VMware would like to thank Marc Ströbel aka phroxvs from HvS-Consulting
for reporting this issue to VMware.


The Common Vulnerabilities and Exposures project has
assigned the identifier CVE-2016-7456 to this issue.


Column 5 of the following table lists the action required to remediate
the vulnerability in each release, if a solution is available.


VMware      Product    Running            Replace with/     Mitigation/
Product     Version    on       Severity  Apply Patch       Workaround
==========  =========  =======  ========  ================  ==========
VDP         6.1.x      VA       Critical  KB2147069         None
VDP         6.0.x      VA       Critical  KB2147069         None
VDP         5.8.x      VA       Critical  KB2147069         None
VDP         5.5.x      VA       Critical  KB2147069         None
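
One way to check whether a vendor-shipped key is still authorized on a host, as an added example that is not part of the VMware advisory or VMware's own tooling. It parses authorized_keys content, computes OpenSSH-style SHA256 fingerprints and compares them with a denylist; the function names, the sample file content and the denylist entry are constructed, because the advisory does not give the fingerprint of the shipped key.

```python
import base64
import hashlib
import shlex
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) per key entry."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # keeps quoted option values whole
        except ValueError:
            continue  # skip lines with unbalanced quotes
        for i, tok in enumerate(tokens[:-1]):
            if tok in KEY_TYPES:  # any tokens before this one are options
                try:
                    blob = base64.b64decode(tokens[i + 1], validate=True)
                except ValueError:
                    break
                yield line_no, tok, fingerprint(blob), " ".join(tokens[i + 2:])
                break

def audit(text, denylist):
    """Return the entries whose fingerprint is on the denylist."""
    return [e for e in parse_authorized_keys(text) if e[2] in denylist]

def _blob(seed):
    """Constructed ed25519-shaped key blob; not a real key."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key

# Constructed sample data: KNOWN_BAD is a stand-in built from a fake key.
SHIPPED, ADMIN = _blob(b"constructed-shipped"), _blob(b"constructed-admin")
KNOWN_BAD = {fingerprint(SHIPPED)}
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    "ssh-ed25519 %s admin@example" % base64.b64encode(ADMIN).decode(),
    'from="192.0.2.10",command="echo hi there" ssh-ed25519 %s appliance-default'
    % base64.b64encode(SHIPPED).decode(),
])
```

In practice the text passed to audit() would be the contents of each account's authorized_keys file, and the denylist would hold fingerprints of keys known to ship with a product image.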


  4. Solution


Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.


vSphere Data Protection

Downloads and Documentation:


  5. References




  6. Change log


2016-12-20: VMSA-2016-0024

Initial security advisory in conjunction with the release of vSphere
Data Protection updates on 2016-12-20.

Created on December 20, 2016 by Rick Scherer

Posted under Alert.
