2 matches found
CVE-2012-5509
CVE-2012-5509 affects Aeolus Configuration Server used with Red Hat CloudForms Cloud Engine prior to 1.1.2. The aeolus-configserver-setup script creates a world-readable temporary file in /tmp that contains credentials, enabling a local attacker to read them. Red Hat’s advisory for CloudForms Clo...
CVE-2012-6117
CVE-2012-6117 affects Aeolus Configuration Server as used in Red Hat CloudForms Cloud Engine prior to 1.1.2. The issue is that /var/log/aeolus-configserver/configserver.log is world-readable, allowing local attackers to read plaintext passwords stored in the log file. Red Hat addressed this with ...