Skip to main content

Credentials Management Errors

CVE-2016-4996

Severity High
Score 7/10

Summary

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.

  • HIGH
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory Timeline

  • Published