Information Disclosure in Red Hat Inc. products - CVE-2016-5432
Published: September 30, 2016 / Updated: September 30, 2016
Vulnerability identifier: #VU689
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5432
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux AS
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain potentially sensitive information on the target system.
The weakness is caused by improper checking of authentication details. Because such details are used with provision*db options before the output is stored in log files, attackers can access passwords in the log files.
Successful exploitation of the vulnerability may result in access to potentially sensitive data and further attacks.