Описание
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cloud-init | fixed | 19.4-2 | package | |
| cloud-init | no-dsa | buster | package | |
| cloud-init | no-dsa | stretch | package |
Примечания
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
https://github.com/canonical/cloud-init/pull/189
https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14
EPSS
Связанные уязвимости
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
In cloud-init through 19.4 rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value which makes it easier for attackers to guess passwords.
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
EPSS