A vulnerability was reported in VMware vFabric tc Server. A remote user can login using an obfuscated version of their password.
Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01
VMware vFabric tc Server Lets Remote Users Login Using Obfuscated Passwords.
If the system stores passwords used for JMX authentication in an obfuscated form, a remote user can use the password in obfuscated form (or in plain text form) to authenticate.
Version 2.5.x is not affected.
A remote user can login using an obfuscated version of their password.
VMware Technical Support
The vendor has issued a fix VMware Support & Downloads (2.0.6.RELEASE, 2.1.2.RELEASE).