PT-2017-8642 · Foreman · Foreman

Thom Carlin · Published 2017-07-14 · Updated 2023-02-13 · CVE-2016-4996

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Foreman versions prior to 6.2

Description

The issue allows local users with access to the system journal to obtain the root password by reading the system journal or by clicking Logs on the console, when the ssh service has been enabled on discovered nodes and discovery-debug is used to log in. This occurs because the root password is displayed in plaintext in the system journal.

Recommendations

For versions prior to 6.2, consider disabling the ssh service on discovered nodes or restricting access to the system journal to minimize the risk of exploitation. As a temporary workaround, avoid using the discovery-debug feature until a patch is available.

Related Identifiers

CVE-2016-4996
RHSA-2018:0336

Affected Products

Foreman