PT-2016-7127 · Openstack · Openstack+1

Marcus Meissner · Published 2016-12-08 · Updated 2020-09-09 · CVE-2016-6829

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Openstack deployment (aka crowbar-openstack) (affected versions not specified)
Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) (affected versions not specified)

Description

The issue concerns a default password for the trove service user in Openstack deployment and Trove Barclamp, making it easier for remote attackers to gain access.

Recommendations

For Openstack deployment, change the default password of the trove service user to a strong and unique password.
For Trove Barclamp, update the configuration to use a secure password for the trove service user instead of the default one.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2016-6829
SUSE-SU-2016:3056-1

Affected Products

Openstack
Trove Barclamp