- Home
- CVEs with nessus.description==It was discovered that there was a password policy issue in libvirt, a library for interfacing with different virtualization systems.
Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behave like that. VNC would happily accept the empty password. We enforce the behavior by setting password expiration to 'now'.
For Debian 7 'Wheezy', this issue has been fixed in libvirt version 0.9.12.3-1+deb7u2.
We recommend that you upgrade your libvirt packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top