Red Hat · Red Hat Enterprise Linux OpenStack Platform · CVE-2016-4474
**Name of the Vulnerable Software and Affected Versions**
Red Hat OpenStack Platform version 8.0 (Liberty)
Red Hat Enterprise Linux OpenStack Platform version 7.0 (Kilo)
**Description**
The image build process for the overcloud images in the affected platforms uses a default root password of `ROOTPW`, allowing attackers to gain access via unspecified vectors.
**Recommendations**
For Red Hat OpenStack Platform version 8.0 (Liberty), change the default root password to a secure password.
For Red Hat Enterprise Linux OpenStack Platform version 7.0 (Kilo), change the default root password to a secure password.
As a temporary workaround, consider restricting access to the overcloud images until a secure root password is set.