CVE-2015-1842
openstack-puppet-modules: pacemaker configured with default password
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
Puppet Manifests en el paquete openstack-puppet-modules de Red Hat anterior a 2014.2.13-2 utiliza una contraseño por defecto de CHANGEME para el demonio pcsd, lo que permite a atacantes remotos ejecutar comandos de shell arbitrarios a través de vectores no especificados.
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-17 CVE Reserved
- 2015-04-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/74049 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2015-0789.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-0791.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-0830.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-0831.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-0832.html | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1201875 | 2015-04-16 | |
https://access.redhat.com/security/cve/CVE-2015-1842 | 2015-04-16 |