CVE-2016-6340 - The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deploy

CVE-2016-6340

Summary

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

References

http://www.securityfocus.com/bid/92655
https://bugzilla.redhat.com/show_bug.cgi?id=1370315

Vulnerable Configurations

cpe:2.3:a:redhat:quickstart_cloud_installer:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:quickstart_cloud_installer:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 22-09-2016 - 17:48)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	92655
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1370315

Last major update

22-09-2016 - 17:48

Published

22-09-2016 - 15:59

Last modified

22-09-2016 - 17:48