CVE-2014-0234 - Insecure Default Initialization of Resource vulnerability in Red Hat OpenShift
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2014-0487.NASL |
description | Red Hat OpenShift Enterprise release 2.1, which fixes one security issue, several bugs, and includes various enhancements, is now available. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenShift Enterprise by Red Hat is the company |
last seen | 2020-06-10 |
modified | 2018-12-06 |
plugin id | 119440 |
published | 2018-12-06 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119440 |
title | RHEL 6 : openshift (RHSA-2014:0487) |
References
- http://openwall.com/lists/oss-security/2014/06/05/19
- http://www.securityfocus.com/bid/67657
- https://bugzilla.redhat.com/show_bug.cgi?id=1097008
- https://github.com/openshift/openshift-extras/blob/master/README.md
- https://rhn.redhat.com/errata/RHSA-2014-0487.html