PT-2016-5967 · Red Hat · Red Hat Enterprise Linux Openstack Platform+1

David Patterson · Published 2016-06-30 · Updated 2021-08-04 · CVE-2016-4474

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Red Hat OpenStack Platform version 8.0 (Liberty)
Red Hat Enterprise Linux OpenStack Platform version 7.0 (Kilo)

Description

The image build process for the overcloud images in the affected platforms uses a default root password of ROOTPW, allowing attackers to gain access via unspecified vectors.

Recommendations

For Red Hat OpenStack Platform version 8.0 (Liberty), change the default root password to a secure password.
For Red Hat Enterprise Linux OpenStack Platform version 7.0 (Kilo), change the default root password to a secure password.
As a temporary workaround, consider restricting access to the overcloud images until a secure root password is set.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2016-4474
RHSA-2016:1222

Affected Products

Red Hat Enterprise Linux Openstack Platform
Red Hat Openstack Platform