PT-2016-5967 · Red Hat · Red Hat Enterprise Linux Openstack Platform+1

David Patterson · Published 2016-06-30 · Updated 2021-08-04 · CVE-2016-4474

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Red Hat OpenStack Platform version 8.0 (Liberty)
Red Hat Enterprise Linux OpenStack Platform version 7.0 (Kilo)

Description

The image build process for the overcloud images in the affected platforms uses a default root password of ROOTPW, allowing attackers to gain access via unspecified vectors.

Recommendations

For Red Hat OpenStack Platform version 8.0 (Liberty), change the default root password to a secure password. For Red Hat Enterprise Linux OpenStack Platform version 7.0 (Kilo), change the default root password to a secure password. As a temporary workaround, consider restricting access to the overcloud images until a secure root password is set.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2016-4474
RHSA-2016:1222

Affected Products

Red Hat Enterprise Linux Openstack Platform
Red Hat Openstack Platform