Design/Logic Flaw

2020-06-1518:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.

CPENameOperatorVersion
openbmceq< 202043

CPE	Name	Operator	Version
	openbmc	eq	< 202043

References

github.com/openbmc/openbmc/issues/3670

github.com/openbmc/phosphor-host-ipmid/commit/b265455a2518ece7c004b43c144199ec980fc620

lists.ozlabs.org/pipermail/openbmc/2020-June/022020.html