PT-2014-2202 · Red Hat · Red Hat Network Satellite/Proxy

Published 2014-02-05 · Updated 2022-02-03 · CVE-2012-0059

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Network (RHN) Satellite and Proxy version 5.4

Description

The issue allows remote administrators to obtain user passwords by reading the server log and an email when a system registration XML-RPC call fails. This occurs because cleartext user passwords are included in an error message.

Recommendations

For Red Hat Network (RHN) Satellite and Proxy version 5.4, consider restricting access to server logs and emails that may contain error messages with cleartext user passwords until a fix is available. As a temporary workaround, restrict the ability of remote administrators to read server logs and emails to minimize the risk of password exposure.
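
The following is an added example, not code from Red Hat or from this advisory: a sketch of how a server can describe a failed XML-RPC call for its log and notification e-mail without echoing credentials. The method name `registration.example_register`, the position of the password parameter, the key names and the sample request are all assumptions constructed for illustration.

```python
import xmlrpc.client

REDACTED = "<redacted>"
# Assumed struct member names that carry secrets (hypothetical list).
SENSITIVE_KEYS = {"password", "passwd", "token"}
# Hypothetical map: method name -> indexes of positional params holding secrets.
SENSITIVE_POSITIONS = {"registration.example_register": {1}}


def scrub(value):
    """Recursively redact secret-bearing members of structs and arrays."""
    if isinstance(value, dict):
        return {k: REDACTED if k.lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    return value


def describe_failed_call(request_body, error):
    """Build the text that goes to the log and the error e-mail."""
    kind = type(error).__name__  # str(error) may itself embed the arguments
    try:
        params, method = xmlrpc.client.loads(request_body)
    except Exception:
        # Unparseable body: do not echo it, it may still contain the secret.
        return "XML-RPC call failed (%s); request body withheld" % kind
    secret_idx = SENSITIVE_POSITIONS.get(method, set())
    safe = [REDACTED if i in secret_idx else scrub(p)
            for i, p in enumerate(params)]
    return "XML-RPC call %s%r failed: %s" % (method, tuple(safe), kind)


# Constructed sample request: user name, password, and a profile struct.
SAMPLE = xmlrpc.client.dumps(
    ("alice", "S3cr3t-constructed",
     {"profile": "host1", "password": "S3cr3t-constructed"}),
    methodname="registration.example_register",
)

if __name__ == "__main__":
    print(describe_failed_call(SAMPLE, ValueError("registration failed")))
```

Only the exception type is reported because the exception text can repeat the call arguments, which is the same leak by another route.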

Fix

Generation of Error Message Containing Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2012-0059
RHSA-2012:0101
RHSA-2012:0102

Affected Products

Red Hat Network Satellite/Proxy