PT-2016-6832 · Red Hat · Red Hat Quickstart Cloud Installer

Kurt Seifried

Published

2016-09-22

Updated

2016-09-22

CVE-2016-6340

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat QuickStart Cloud Installer (QCI) (affected versions not specified)

Description The issue in Red Hat QuickStart Cloud Installer (QCI) involves the kickstart file forcing the use of MD5 passwords on deployed systems. This makes it easier for attackers to determine cleartext passwords via a brute-force attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2016-6340

Affected Products

Red Hat Quickstart Cloud Installer

PT-2016-6832 · Red Hat · Red Hat Quickstart Cloud Installer

CVE-2016-6340

Weakness Enumeration

Related Identifiers

Affected Products

References · 3