Bug 1379909 (CVE-2016-7060)
Summary: | CVE-2016-7060 Red Hat QCI: qci exposes password in web UI when they should be masked | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | arubin, cchase, jesusr, jmatthew, kdube, security-response-team, smallamp, tcarlin, tsanders |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords. |
Last Closed: | 2017-03-06 19:51:03 UTC | Type: | --- |
Bug Depends On: | 1390813, 1396744 | ||
Bug Blocks: | 1379910 |
Description
Kurt Seifried
2016-09-28 04:18:13 UTC
Acknowledgments:

Name: QCI QE Team (Red Hat)

This issue has been addressed in the following products:

QCI 1.0

Via RHSA-2017:0256 https://access.redhat.com/errata/RHSA-2017:0256