CVE-2011-1773 – virt-v2v: vnc password protection is missing after vm conversion
https://notcve.org/view.php?id=CVE-2011-1773
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password. virt-v2v anterior a 0.8.4 no conserva la contraseña de la consola de VNC cuando convierte un invitado, lo que permite a usuarios locales evadir la autenticación de VNC mediante la conexión sin una contraseña. • http://rhn.redhat.com/errata/RHSA-2011-1615.html http://secunia.com/advisories/47086 http://www.osvdb.org/77558 https://bugzilla.redhat.com/show_bug.cgi?id=702754 https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1 https://access.redhat.com/security/cve/CVE-2011-1773 • CWE-255: Credentials Management Errors •