Vulnerabilities > CVE-2014-3489 - Credentials Management vulnerability in Redhat Cloudforms 3.0 Management Engine

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.

Common Weakness Enumeration (CWE)

Redhat

advisories
rhsa
idRHSA-2014:0816
rpms
  • cfme-0:5.2.4.2-1.el6cf
  • cfme-appliance-0:5.2.4.2-1.el6cf
  • cfme-debuginfo-0:5.2.4.2-1.el6cf
  • cfme-lib-0:5.2.4.2-1.el6cf
  • mingw32-cfme-host-0:5.2.4.2-1.el6cf
  • ruby193-rubygem-actionpack-1:3.2.13-8.el6cf