MiracleLinux 3 : sos-1.7-9.62.1.0.1.AXS3 (AXSA:2013-582:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-582:01 advisory. Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging...

SUSE CVE-2013-2069

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges...

CVE-2016-6340

The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...

Default credentials

Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges...

sosreport does not blank root password in anaconda plugin

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...