A flaw was found in etcd, where it does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This flaw allows an attacker to guess or brute-force users’ passwords with little computational effort. The highest threat from this vulnerability is to confidentiality.