PT-2014-2202 · Red Hat · Red Hat Network Satellite/Proxy

Published 2014-02-05 · Updated 2022-02-03 · CVE-2012-0059

CVSS v3.1 4.9 Medium

Vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Network (RHN) Satellite and Proxy version 5.4

Description

The issue allows remote administrators to obtain user passwords by reading the server log and an email when a system registration XML-RPC call fails. This occurs because cleartext user passwords are included in an error message.

Recommendations

For Red Hat Network (RHN) Satellite and Proxy version 5.4, consider restricting access to server logs and emails that may contain error messages with cleartext user passwords until a fix is available. As a temporary workaround, restrict the ability of remote administrators to read server logs and emails to minimize the risk of password exposure.
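
The weakness described above, shown from the defensive side: an added Python example (not Red Hat's code and not the vendor fix) that builds the log and e-mail text for a failed XML-RPC call with credentials masked. The method name `registration.example_call`, the key list, the positional map and the sample request are constructed assumptions.

```python
import xmlrpc.client

REDACTED = "<redacted>"
# Assumed struct member names to treat as secrets (not taken from the product).
SENSITIVE_KEYS = {"password", "passwd", "pass", "token"}
# Assumed map: method name -> positional argument indexes that carry secrets.
POSITIONAL_SECRETS = {"registration.example_call": (1,)}

def scrub(value):
    """Return a copy of value with secret-named struct members masked."""
    if isinstance(value, dict):
        return {k: REDACTED if k.lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    return value

def describe_failed_call(raw_request, error, positional_secrets=None):
    """Build the text that is safe to write to the log and the error e-mail."""
    # Only the exception type is reported: str(error) may echo the arguments.
    err = type(error).__name__
    try:
        params, method = xmlrpc.client.loads(raw_request)
    except Exception:
        # Unparseable body: never echo it, it may still contain credentials.
        return "XML-RPC call failed (%s); request body withheld" % err
    args = scrub(params)
    for idx in (positional_secrets or {}).get(method, ()):
        if idx < len(args):
            args[idx] = REDACTED
    return "XML-RPC call %s%r failed: %s" % (method, tuple(args), err)

# Constructed sample request: password sent both positionally and in a struct.
SAMPLE_REQUEST = xmlrpc.client.dumps(
    ("alice", "S3cr3t-constructed",
     {"profile_name": "web01", "password": "S3cr3t-constructed"}),
    methodname="registration.example_call",
)

if __name__ == "__main__":
    failure = ValueError("registration failed for S3cr3t-constructed")
    print(describe_failed_call(SAMPLE_REQUEST, failure, POSITIONAL_SECRETS))
```

The same sanitised string should feed both sinks named in the description, the server log and the error e-mail, so that neither receives the raw request.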

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2012-0059
RHSA-2012:0101
RHSA-2012:0102

Affected Products

Red Hat Network Satellite/Proxy