Vulnerabilities > CVE-2006-6614 - Information Disclosure vulnerability in Fully Automated Installation Administrator Hashed Password
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 13 |