11 matches found
EUVD-2016-6356
Malware in sbrugna...
Information Disclosure
tfm-rubygem-fusorui is vulnerable to information disclosure attacks. The vulnerability exists as the web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the...
CVE-2016-5411
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer QCI before 1.0 GA is created world readable and contains the root password of the deployed system...
Multiple Local Information Disclosure Vulnerabilities in Red Hat QuickStart Cloud Installer
Red Hat QuickStart Cloud Installer QCI is a Web-based graphical user interface for cloud product installation from Red Hat, Inc. A security vulnerability exists in the web interface of Red Hat QCI version 1.0, which stems from the program's failure to mask password fields. An attacker in close...
Design/Logic Flaw
The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...
CVE-2016-7060
The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...
CVE-2016-7060
CVE-2016-7060 describes a information-disclosure risk in Red Hat QuickStart Cloud Installer (QCI) 1.0 where the web interface does not mask password fields, enabling a physically proximate attacker to read passwords from the display. The CVSSv2/2.0 base score is 2.1 (LOW) with LOCAL attack vector...
CVE-2016-6322
Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...
CVE-2016-6322
Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...
Red Hat QuickStart Cloud Installer (QCI) Local Information Disclosure Vulnerability
Red Hat QuickStart Cloud Installer QCI is a web-based GUI configuration cloud product. A local information disclosure vulnerability exists in Red Hat QuickStart Cloud Installer QCI. An attacker could exploit the vulnerability to obtain sensitive information that could be useful in launching furth...
CVE-2016-6340
The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...