11 matches found
CVE-2016-5411
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system...
CVE-2016-7060
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...
CVE-2016-7060
CVE-2016-7060 describes an information-disclosure risk in Red Hat QuickStart Cloud Installer (QCI) 1.0 where the web interface does not mask password fields, enabling a physically proximate attacker to read passwords from the display. The CVSSv2/2.0 base score is 2.1 (LOW) with LOCAL attack vector...
Moderate: Red Hat Security Advisory: tfm-rubygem-fusor_ui security update
An update for tfm-rubygem-fusor_ui is now available for Red Hat QCI 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2016-7060
It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services...
Default credentials
Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...
CVE-2016-6322
Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...
CVE-2016-6322
CVE-2016-6322 affects Red Hat QuickStart Cloud Installer (QCI). The issue is that /etc/qci/answers has world-readable permissions, enabling a local user to read the root password of the deployed system, which can lead to complete confidentiality/integrity/availability compromise of the deployed e...
CVE-2016-6340
CVE-2016-6340 affects Red Hat QuickStart Cloud Installer (QCI): the kickstart file forces MD5 passwords on deployed systems, enabling brute-force recovery of cleartext passwords. This is described by NVD as high-impact (CVSS3 base 8.4) with local attacker access and strong confidentiality/integri...
CVE-2016-5411
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system...
CVE-2016-6322
Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...