#VU689 Information Disclosure in Red Hat Inc. products - CVE-2016-5432 

 


Published: September 30, 2016 / Updated: September 30, 2016


Vulnerability identifier: #VU689
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5432
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux AS
Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote unauthenticated user to obtain potentially sensitive information on the target system.
The weakness is caused by improper checking of authentication details. Because such details are used with provision*db options before the output is stored in log files, attackers can access passwords in the log files.
Successful exploitation of the vulnerability may result in access to potentially sensitive data and further attacks. 

Remediation


External links