CVE-2012-3538

Name of the Vulnerable Software and Affected Versions Red Hat CloudForms versions prior to 1.1

Description The issue allows local users to read administrative passwords by accessing a world-readable log file. This occurs because Pulp logs administrative passwords in the production.log file, which has world-readable permissions.

Recommendations For versions prior to 1.1, consider restricting access to the production.log file to minimize the risk of exploitation. As a temporary workaround, change the permissions of the production.log file to prevent unauthorized access until a fix is applied.