2 matches found
CVE-2016-6322
CVE-2016-6322 affects Red Hat QuickStart Cloud Installer (QCI). The issue is that /etc/qci/answers has world-readable permissions, enabling a local user to read the root password of the deployed system, which can lead to complete confidentiality/integrity/availability compromise of the deployed e...
CVE-2016-6340
CVE-2016-6340 affects Red Hat QuickStart Cloud Installer (QCI): the kickstart file forces MD5 passwords on deployed systems, enabling brute-force recovery of cleartext passwords. This is described by NVD as high-impact (CVSS3 base 8.4) with local attacker access and strong confidentiality/integri...