Vulnerability identifier: #VU689

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-5432

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Red Hat Enterprise Linux Server
Operating systems & Components / Operating system
Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system
Red Hat Enterprise Linux AS
Operating systems & Components / Operating system

Vendor: Red Hat Inc.

Description
The vulnerability allows a remote unathanticated user to obtain potentially sensitive information on the target system.
The weakness is caused by improper checking of authentication details. As such details are user with provision*db options before storing the output in log files, attackers can access passwords and in the log files.
Successful exploitation of the vulnerability may result in access to potentially sensitive data and further attacks. 

Vulnerable software versions

Red Hat Enterprise Linux Server: 6.0

Red Hat Enterprise Linux for x86_64: 5

Red Hat Enterprise Linux AS: v.4

---

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.