Описание
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 9 (Mitaka) | overcloud-full | Affected | ||
| OpenStack 7.0 Director for RHEL 7 | overcloud-full | Fixed | RHSA-2016:1223 | 13.06.2016 |
| Red Hat OpenStack Platform 8.0 (Liberty) director | rhosp-director-images | Fixed | RHSA-2016:1222 | 13.06.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS2
Связанные уязвимости
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
EPSS
7.4 High
CVSS2