CVSS2 metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

EPSS percentile: 45.4%

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in
VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with
a root:! argument, which configures the root account with a cleartext
password of ! (exclamation point) and allows attackers to bypass intended
login restrictions.
Author | Note |
---|---|
jdstrand | Ubuntu 8.04 LTS fixed this previously in 0.4-0ubuntu0.1 |
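
With `-e`, chpasswd stores the supplied `!` verbatim in the shadow password field, which locks the account; without `-e` it hashes `!` as a cleartext password. The script below is an added example, not code from Ubuntu or VMBuilder: it checks the root entry of a shadow file copied out of a built guest image and flags anything other than a locked field. The function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the root entry of a shadow file copied out of a guest image.
# Function names, file names and sample entries below are constructed.

# Print the state of root's password field: locked, hashed, empty or missing.
root_pw_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")          print "empty"    # login needs no password
            else if ($2 ~ /^[!*]/) print "locked"   # no hash can ever match
            else                   print "hashed"   # a real password is set
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Return 0 only when root is locked, which is what root:! was meant to achieve.
audit_image_shadow() {
    state=$(root_pw_state "$1")
    if [ "$state" = "locked" ]; then
        echo "OK: root is locked in $1"
        return 0
    fi
    echo "FLAG: root password state is '$state' in $1" >&2
    return 1
}

# Write two constructed shadow files: one as built with chpasswd -e,
# one as built without -e (hash value is a placeholder, not a real hash).
write_samples() {
    cat > "$1/fixed.shadow" <<'EOF'
root:!:14200:0:99999:7:::
daemon:*:14200:0:99999:7:::
EOF
    cat > "$1/affected.shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$PLACEHOLDERHASHNOTREAL:14200:0:99999:7:::
daemon:*:14200:0:99999:7:::
EOF
}

# Audit a file given on the command line, e.g. ./audit.sh /mnt/guest/etc/shadow
if [ $# -gt 0 ]; then
    audit_image_shadow "$1"
fi
```

A `hashed` result on an image that was supposed to ship with root locked is the signature of this bug; an `empty` result is a separate problem and is flagged as well.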