8 matches found
EUVD-2016-6356
Malware in sbrugna...
Information Disclosure
tfm-rubygem-fusorui is vulnerable to information disclosure attacks. The vulnerability exists as the web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the...
CVE-2016-5411
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer QCI before 1.0 GA is created world readable and contains the root password of the deployed system...
Design/Logic Flaw
The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...
CVE-2016-7060
CVE-2016-7060 describes a information-disclosure risk in Red Hat QuickStart Cloud Installer (QCI) 1.0 where the web interface does not mask password fields, enabling a physically proximate attacker to read passwords from the display. The CVSSv2/2.0 base score is 2.1 (LOW) with LOCAL attack vector...
CVE-2016-6322
Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...
CVE-2016-6322
Red Hat QuickStart Cloud Installer QCI uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file...
CVE-2016-6340
The kickstart file in Red Hat QuickStart Cloud Installer QCI forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...