Vulnerabilities > CVE-2015-3252 - Credentials Management vulnerability in Apache Cloudstack
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E
- http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E
- http://www.securityfocus.com/archive/1/537459/100/0/threaded
- http://www.securityfocus.com/archive/1/537459/100/0/threaded
- https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories
- https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories