VMware Flaw Used To Hit Choice Targets In SolarWinds Hack: Report A VMware vulnerability that allowed federated authentication abuse was used by the SolarWinds hackers to attack valuable targets, KrebsOnSecurity said. VMware said it didn’t have any indication of this happening. By Michael Novinson December 18, 2020, 03:52 PM EST A VMware vulnerability that allowed access to protected data and federated authentication abuse was used by the SolarWinds hackers to attack high-value targets, KrebsOnSecurity reported. The U.S. National Security Agency (NSA) warned on Dec. 7 that a flaw in the software of Palo Alto, Calif.-based VMware was being used by Russian hackers to impersonate legitimate users on breached networks. In order to exploit this vulnerability, the NSA said hackers would need to be on the target’s internal network, which KrebsOnSecurity pointed out would have been the case in the SolarWinds hack.