4 matches found
CVE-2016-7060
CVE-2016-7060 describes a information-disclosure risk in Red Hat QuickStart Cloud Installer (QCI) 1.0 where the web interface does not mask password fields, enabling a physically proximate attacker to read passwords from the display. The CVSSv2/2.0 base score is 2.1 (LOW) with LOCAL attack vector...
CVE-2016-5411
CVE-2016-5411 affects Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA. The file /var/lib/ovirt-engine/setup/engine-DC-config.py is world-readable and contains the deployed system’s root password, enabling potential information disclosure with high impact. The provided documents confirm thi...
CVE-2016-6322
CVE-2016-6322 affects Red Hat QuickStart Cloud Installer (QCI). The issue is that /etc/qci/answers has world-readable permissions, enabling a local user to read the root password of the deployed system, which can lead to complete confidentiality/integrity/availability compromise of the deployed e...
CVE-2016-6340
CVE-2016-6340 affects Red Hat QuickStart Cloud Installer (QCI): the kickstart file forces MD5 passwords on deployed systems, enabling brute-force recovery of cleartext passwords. This is described by NVD as high-impact (CVSS3 base 8.4) with local attacker access and strong confidentiality/integri...