Lucene search
HistoryJul 07, 2014 - 2:55 p.m.
CVE-2014-3489
cve-2014-3489
red hat cloudforms
cfme
hard-coded salt
brute force attack
6.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.2%
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.
Related
cvelist
cvelist
CVE-2014-3489
2014-07-07 14:00:00
prion
prion
Hardcoded credentials
2014-07-07 14:55:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-05-02 05:02:41
Credential Disclosure Through A Brute Force Attack
2019-05-02 05:02:41
Sensitive Information Disclosure
2019-05-02 05:02:41
redhat
redhat
(RHSA-2014:0816) Important: cfme security, bug fix, and enhancement update
2014-06-30 00:00:00
6.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.2%
Related for CVE-2014-3489