PT-2017-9082 · Red Hat · Red Hat Quickstart Cloud Installer

Kurt Seifried

Published

2017-04-14

Updated

2017-04-25

CVE-2016-7060

CVSS v3.1

4.6

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat QuickStart Cloud Installer (QCI) version 1.0

Description The issue concerns the web interface of the affected software, where password fields are not masked. This allows physically proximate attackers to obtain sensitive password information by reading the display.

Recommendations For Red Hat QuickStart Cloud Installer (QCI) version 1.0, consider implementing password masking in the web interface to prevent unauthorized access to sensitive information.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-7060

RHSA-2017:0256

Affected Products

Red Hat Quickstart Cloud Installer

PT-2017-9082 · Red Hat · Red Hat Quickstart Cloud Installer

CVE-2016-7060

Weakness Enumeration

Related Identifiers

Affected Products

References · 5