Your hypervisor is showing!

Presented at AusCERT 2014 by

As both x86 virtualization and the consumption of cloud services continue apace, there is yet to be a well-publicized breach attributed to a compromised hypervisor. In late December 2013 the OpenSSL website, which was being served from a virtual machine, was defaced via a management console. Early speculation that the attack involved a hypervisor vulnerability gave way to confirmation that one of the hosting provider's passwords was weak and had been compromised to gain access to a management console. This presentation investigates the prevalence of vSphere management interfaces on the public internet and describes two ESXi vulnerabilities that can be exploited over the management interface. Will the next big cloud breach come via a management interface?