BugZero | VMware vCenter BugID 67221665b04f - Update Manager Download Service (UMDS) stores prox...

VMware vCenter - Defect ID: 67221665b04f

Update Manager Download Service (UMDS) stores proxy passwords in plain text

VMware vCenter - Defect ID: 67221665b04f

Update Manager Download Service (UMDS) stores proxy passwords in plain text

Last updated on May 7th, 2026

BugZero Risk Score
0.0 Coming soon

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

VMware vCenter Integration

Learn more about where this data comes from

VMware vCenter Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Status: Known
Impact Category: Security Issues
Workaround Available:

Description

Disclaimer

A custom bug ID has been generated as the vendor did not provide one: 67221665b04f

Overview

When UMDS accesses a VMware online depot by using a proxy, if you have configured a proxy password, it is stored in the configuration as plain text, which in some environments might be a security concern. For example, ./vmware-umds -D --proxy-username "<your_username>" --proxy-password "<your_password>" --proxy-port 80 --proxy-ip 1.1.1.1 .

Workaround

Instead of configuring a password, you can pass the password every time you run a Downland (-D) and Re-Download (-R) command

Bug URLs

https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-70u3v-release-notes.html https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-80u3e-release-notes.html

Change history

2025-10-30 changed to Known

Top VMware vCenter Defects

Defect ID: 3557847
Missing logs in the vCenter log file for vSAN health
Defect ID: 3488172
Login instructions for RSA SecurID Authentication in the vSphere Client might display HTML tags as plain text
Defect ID: 3484244
A rare race condition might cause repeating failovers due to a failure of the vCenter vpxd service or vSphere Client becoming unresponsive
Defect ID: 68adfd8f5272
vSphere Storage vMotion operations might fail in a vSAN environment due to an unauthenticated session of the Network File Copy (NFC) manager
Defect ID: 524f315fc61b
You see large threadmonitor<num>.log files in the vsphere-ui logs directory

Ready to prevent the next vendor outage?

Get a demo

VMware vCenter - Defect ID: 67221665b04f

Update Manager Download Service (UMDS) stores proxy passwords in plain text

VMware vCenter - Defect ID: 67221665b04f

Update Manager Download Service (UMDS) stores proxy passwords in plain text

Last updated on May 7th, 2026

BugZero Risk Score0.0 Coming soon

Bug Details

Disclaimer

Overview

Workaround

Bug URLs

Links

Top VMware vCenter Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
0.0 Coming soon