Vulnerabilities > Suse > Yast2 > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-04-26 CVE-2016-1601 Credentials Management vulnerability in Suse Yast2
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.
network
low complexity
suse CWE-255
critical
 9.8
9.8