CVE-2011-4076
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
OpenStack Nova versiones anteriores a 2012.1, permite a alguien con acceso a una EC2_ACCESS_KEY (equivalente a un nombre de usuario) obtener la EC2_SECRET_KEY (equivalente a una contraseña). Exponer el EC2_ACCESS_KEY por medio de http o herramientas que permiten ataques de tipo man-in-the-middle sobre https podría permitir a un atacante obtener fácilmente el EC2_SECRET_KEY. Un atacante también podría presumir valores por fuerza bruta para EC2_ACCESS_KEY.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-10-18 CVE Reserved
- 2019-11-26 CVE Published
- 2023-08-12 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://access.redhat.com/security/cve/cve-2011-4076 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugs.launchpad.net/nova/+bug/868360 | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2011-4076 | 2019-12-05 | |
https://www.openwall.com/lists/oss-security/2011/10/25/4 | 2019-12-05 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openstack Search vendor "Openstack" | Nova Search vendor "Openstack" for product "Nova" | >= 2010.1 < 2012.1 Search vendor "Openstack" for product "Nova" and version " >= 2010.1 < 2012.1" | - |
Affected
|