VMware Update

Vmware has told me that they will be releasing the patch for my previously reported ESX server vulnerability in Q3. I will write about the issue in full detail at that time. In the mean time I have been spending some of my time looking at the web management interface of VMware server. I have identified one XSS and one session management Issue so far. It seems to me that Vmware has a relativly leanient stance when it comes to certain areas of its security. An attacker just needs to know where to look. I can't wait to be able to test on my ESX box when I get back to Utah.