Credentials management in mysql - CVE-2016-0898

 


Published: March 30, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37355
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-0898
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software: mysql

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, not the system log, and thus were not exposed outside the Service Backup VM.


How to mitigate CVE-2016-0898

Install update from vendor's website.
