PT-2019-12180 · Rancher · Rancher
Publicado
2019-07-30
·
Atualizado
2024-06-10
·
CVE-2019-11202
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rancher versions 2.0.0 through 2.0.13
Rancher versions 2.1.0 through 2.1.8
Rancher versions 2.2.0 through 2.2.1
Description
An issue affects Rancher where a default admin user is created with a well-known password when it starts for the first time. Even if the default admin user is deleted after initial setup, restarting Rancher will recreate this user with the same default password. This allows an attacker to exploit the system by logging in with the default admin credentials.
Recommendations
For versions 2.0.0 through 2.0.13, deactivate the default admin user instead of deleting it to mitigate the issue.
For versions 2.1.0 through 2.1.8, deactivate the default admin user instead of deleting it to mitigate the issue.
For versions 2.2.0 through 2.2.1, deactivate the default admin user instead of deleting it to mitigate the issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rancher