CVE-2016-7062 – rhscon-ceph: password leak by command line parameter
https://notcve.org/view.php?id=CVE-2016-7062
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. rhscon-ceph en Red Hat Storage Console 2 x86_64 y Red Hat Storage Console Node 2 x86_64 permite a los usuarios locales obtener la contraseña como texto sin cifrar. A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. • http://www.securityfocus.com/bid/93796 http://www.securitytracker.com/id/1037062 https://access.redhat.com/errata/RHSA-2016:2082 https://bugzilla.redhat.com/show_bug.cgi?id=1381681 https://access.redhat.com/security/cve/CVE-2016-7062 • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-255: Credentials Management Errors •