discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:0336 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1349136 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
13 Feb 2023, 04:50
Type | Values Removed | Values Added |
---|---|---|
Summary | discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | |
References |
|
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in discovery-debug in foreman. An attacker, with permissions to view the debug results, would be able to view the root password associated with that system, potentially allowing them to access it. |
Information
Published : 2017-07-17 13:18
Updated : 2023-12-10 12:15
NVD link : CVE-2016-4996
Mitre link : CVE-2016-4996
CVE.ORG link : CVE-2016-4996
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- satellite
CWE
CWE-255
Credentials Management Errors