Alessandro Vozza

**Name of the Vulnerable Software and Affected Versions** openstack-puppet-modules versions prior to 2014.2.13-2 **Description** The issue concerns the use of a default password 'CHANGEME' for the pcsd daemon in the openstack-puppet-modules package. This allows remote attackers to execute arbitrary shell commands. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2014.2.13-2, update to version 2014.2.13-2 or later to resolve the issue. As a temporary workaround, consider changing the default password 'CHANGEME' for the pcsd daemon to a secure password. Restrict access to the pcsd daemon to minimize the risk of exploitation.