
60 matches found

Prion
added 2017/06/13 4:29 p.m. | 11 views

Design/Logic Flaw

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer QCI before 1.0 GA is created world readable and contains the root password of the deployed system...

CVSS 10 | AI score 7.3 | EPSS 0.00413
Exploits 0 | References 2 | Affected Software 1

CVE
added 2017/06/13 4:0 p.m. | 41 views

CVE-2016-5411

CVE-2016-5411 affects Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA. The file /var/lib/ovirt-engine/setup/engine-DC-config.py is world-readable and contains the deployed system’s root password, enabling potential information disclosure with high impact. The provided documents confirm thi...

CVSS 10 | AI score 9.6 | EPSS 0.00413
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2017/04/21 12:0 a.m. | 2 views

Multiple Local Information Disclosure Vulnerabilities in Red Hat QuickStart Cloud Installer

Red Hat QuickStart Cloud Installer QCI is a Web-based graphical user interface for cloud product installation from Red Hat, Inc. A security vulnerability exists in the web interface of Red Hat QCI version 1.0, which stems from the program's failure to mask password fields. An attacker in close...

CVSS 4.6 | AI score 6.5 | EPSS 0.0008
Exploits 0 | References 1

Prion
added 2017/04/14 6:59 p.m. | 16 views

Design/Logic Flaw

The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...

CVSS 2.1 | AI score 6.7 | EPSS 0.0008
Exploits 0 | References 3 | Affected Software 1

OSV
added 2017/04/14 6:59 p.m. | 1 views

CVE-2016-7060

The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...

CVSS 4.6 | AI score 5.8
Exploits 0 | References 3

CVE
added 2017/04/14 6:0 p.m. | 67 views

CVE-2016-7060

CVE-2016-7060 describes an information-disclosure risk in Red Hat QuickStart Cloud Installer (QCI) 1.0 where the web interface does not mask password fields, enabling a physically proximate attacker to read passwords from the display. The CVSSv2/2.0 base score is 2.1 (LOW) with LOCAL attack vector...

CVSS 4.6 | AI score 4.6 | EPSS 0.0008
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2017/04/14 6:0 p.m. | 34 views

CVE-2016-7060

The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...

AI score 4.6 | EPSS 0.0008
Exploits 0 | References 3

NVD
added 2016/09/22 3:59 p.m. | 21 views

CVE-2016-6340

The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...

CVSS 8.4 | AI score 8.3 | EPSS 0.00125
Exploits 0 | References 2

NVD
added 2016/09/22 3:59 p.m. | 22 views

CVE-2016-6322

Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...

CVSS 8.4 | AI score 8.2 | EPSS 0.00041
Exploits 0 | References 2

Prion
added 2016/09/22 3:59 p.m. | 11 views

Design/Logic Flaw

The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...

CVSS 2.1 | AI score 6.9 | EPSS 0.00125
Exploits 0 | References 2

CVE
added 2016/09/22 3:0 p.m. | 33 views

CVE-2016-6340

CVE-2016-6340 affects Red Hat QuickStart Cloud Installer (QCI): the kickstart file forces MD5 passwords on deployed systems, enabling brute-force recovery of cleartext passwords. This is described by NVD as high-impact (CVSS3 base 8.4) with local attacker access and strong confidentiality/integri...

CVSS 8.4 | AI score 8.2 | EPSS 0.00125
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2016/09/22 3:0 p.m. | 27 views

CVE-2016-6322

Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...

AI score 8.2 | EPSS 0.00041
Exploits 0 | References 2

CVE
added 2016/09/22 3:0 p.m. | 39 views

CVE-2016-6322

CVE-2016-6322 affects Red Hat QuickStart Cloud Installer (QCI). The issue is that /etc/qci/answers has world-readable permissions, enabling a local user to read the root password of the deployed system, which can lead to complete confidentiality/integrity/availability compromise of the deployed e...

CVSS 8.4 | AI score 8 | EPSS 0.00041
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2016/09/22 3:0 p.m. | 24 views

CVE-2016-6340

The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...

AI score 8.3 | EPSS 0.00125
Exploits 0 | References 2

n0where
added 2016/09/06 4:55 p.m. | 28 views

Intercepting Proxy for Performing Web Application Security Testing: The Pappy Proxy

The Pappy (Proxy Attack Proxy ProxY) Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up ripoffs from Burp Suite. However, Burp Suite is neither open...

AI score 7.2
Exploits 0 | References 2

CNVD
added 2016/08/30 12:0 a.m. | 2 views

Red Hat QuickStart Cloud Installer (QCI) Local Information Disclosure Vulnerability

Red Hat QuickStart Cloud Installer QCI is a web-based GUI configuration cloud product. A local information disclosure vulnerability exists in Red Hat QuickStart Cloud Installer QCI. An attacker could exploit the vulnerability to obtain sensitive information that could be useful in launching furth...

CVSS 8.4 | AI score 5.9 | EPSS 0.00041
Exploits 0 | References 1

CNVD
added 2016/08/27 12:0 a.m. | 2 views

Red Hat QuickStart Cloud Installer (QCI) Local Security Bypass Vulnerability

Red Hat QuickStart Cloud Installer is a web-based GUI to configure cloud products. A local security bypass vulnerability exists in Red Hat QuickStart Cloud Installer QCI, which could be exploited by an attacker to bypass certain security restrictions and perform unauthorized operations...

CVSS 8.4 | AI score 6.6 | EPSS 0.00125
Exploits 0 | References 1

RedhatCVE
added 2016/08/25 11:48 p.m. | 27 views

CVE-2016-6340

The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...

CVSS 8.4 | AI score 4.2 | EPSS 0.00125
Exploits 0 | References 1

VulnCheck KEV
added 2016/03/25 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2010-2493

The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the securitysaml quickstart, (2) the webserviceproxysecurity quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console...

CVSS 5 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 1

ATTACKERKB
added 2010/11/06 12:0 a.m. | 1 views

CVE-2009-5014

The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...

CVSS 7.5 | AI score 5.6 | EPSS 0.00711
Exploits 0 | References 2