Vulnerabilities > Theforeman > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-08 | CVE-2013-0174 | Information Exposure vulnerability in Theforeman Foreman The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | 5.0 |
| 2014-05-08 | CVE-2013-0173 | Cryptographic Issues vulnerability in Theforeman Foreman Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | 5.0 |
| 2014-04-17 | CVE-2013-2143 | Improper Input Validation vulnerability in multiple products The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | 6.5 |