6 matches found
Authorization Bypass
ovirt-engine-extension-aaa-jdbc is vulnerable to authorization bypass attacks. The vulnerability exists when updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacke...
Default credentials
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those account...
CVE-2017-2614
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those account...
CVE-2017-2614
The CVE-2017-2614 issue affects ovirt-engine-extension-aaa-jdbc and the ovirt-aaa-jdbc-tool prior to 1.1.3. The root cause is that the tool fails to correctly verify the current password when it is expired during password updates in the rhvm database, allowing an attacker with access to change su...
CVE-2017-2614
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those account...
CVE-2017-2614
When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts...