CVE-2016-5333
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
Date published : 2016-08-30
http://www.securityfocus.com/bid/92474
http://www.vmware.com/security/advisories/VMSA-2016-0012.html