Vulnerabilities > CVE-2017-2614 - Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
redhat
CWE-640
nessus

Summary

When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.

Vulnerable Configurations

Part Description Count
Application
Redhat
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Password Recovery Exploitation
    An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.

Nessus

NASL familyRed Hat Local Security Checks
NASL idREDHAT-RHSA-2017-0257.NASL
descriptionAn update for ovirt-engine-extension-aaa-jdbc is now available for RHEV Engine version 4.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. AAA-JDBC is an extension which allows to store authentication and authorization data in relational database and provides these data using standardized oVirt AAA API similarly to already existing AAA-LDAP extension. Security Fix(es) : * When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts. (CVE-2017-2614) This issue was discovered by Dominic Geevarghes (Red Hat).
last seen2020-06-01
modified2020-06-02
plugin id97059
published2017-02-08
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/97059
titleRHEL 7 : ovirt-engine-extension-aaa-jdbc (RHSA-2017:0257)

Redhat

advisories
rhsa
idRHSA-2017:0257
rpmsovirt-engine-extension-aaa-jdbc-0:1.1.3-1.el7ev