CVE-2016-6340 - OpenCVE

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Quickstart Cloud Installer Enterprise Linux

Configuration 1 [-]

AND

cpe:2.3:a:redhat:quickstart_cloud_installer:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/92655	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1370315	Issue Tracking VDB Entry Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-09-22T15:00:00

Updated: 2016-09-22T14:57:02

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6340

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-09-22T15:59:03.817

Modified: 2016-09-22T17:48:19.297

Link: CVE-2016-6340

JSON object: View

Redhat Information

No data.

CWE

CWE-254

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:quickstart_cloud_installer:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EFB68A7-E08C-43F9-AF03-F0049D6575E8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F7347E2-C2A4-4230-A1BC-F6FE93943D4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack."}, {"lang": "es", "value": "El archivo kickstart en Red Hat QuickStart Cloud Installer (QCI) fuerza el uso de contrase\u00f1as MD5 en el sistema desplegado, lo que facilita para atacantes determinar contrase\u00f1as de texto plano a trav\u00e9s de un ataque de fuerza bruta."}], "id": "CVE-2016-6340", "lastModified": "2016-09-22T17:48:19.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-22T15:59:03.817", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/92655"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "VDB Entry", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370315"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}