The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97678 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:0256 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1379909 | Issue Tracking Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-04-14T18:00:00
Updated: 2017-04-18T09:57:01
Reserved: 2016-08-23T00:00:00
Link: CVE-2016-7060
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-04-14T18:59:00.843
Modified: 2017-04-25T00:39:13.880
Link: CVE-2016-7060
JSON object: View
Redhat Information
No data.
CWE