Credentials Management Errors

CVE-2016-6815

Medium

6.5/10

Summary

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory

Advisory Timeline

Published Oct 13, 2017