CVE-2016-4474
overcloud-full: Default root password set
Public Exploits: 0
Exploited in Wild: -
Descriptions
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) uses a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images having a default root password of "rootpw". Remote root access via SSH is disabled by default.
Timeline
- 2016-05-02 CVE Reserved
- 2016-06-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-254: 7PK - Security Features
References (5)
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-1222.html | 2021-08-04 | |
https://access.redhat.com/security/vulnerabilities/2359821 | 2021-08-04 | |
https://rhn.redhat.com/errata/RHSA-2016-1223.html | 2021-08-04 | |
https://access.redhat.com/security/cve/CVE-2016-4474 | 2016-06-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1342412 | 2016-06-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Openstack | 7.0 | - | Affected |
Redhat | Openstack | 8 | - | Affected |