Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
CPE | Name | Operator | Version |
---|---|---|---|
cloudforms_cloud_engine | le | 1.1 | |
cloudforms_cloud_engine | eq | 1.0 |