CVE-2012-0059

Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages

CVSS 4.9 MEDIUMEPSS 1.6%CWE-209

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://rhn.redhat.com/errata/RHSA-2012-0101.html http://rhn.redhat.com/errata/RHSA-2012-0102.html https://access.redhat.com/security/cve/CVE-2012-0059