CVE-2016-6829
Description
The trove service user in (1) OpenStack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.
Mitigations
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-6829.html
Vendor advisory: secalert@redhat.com — https://www.suse.com/security/cve//CVE-2016-6829.html
Vendor advisory: secalert@redhat.com — https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69
Vendor advisory: secalert@redhat.com — https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| barclamp-trove_project | barclamp-trove | - | |
| crowbar-openstack_project | crowbar-openstack | - | |
References
- http://www.openwall.com/lists/oss-security/2016/08/16/1
- http://www.openwall.com/lists/oss-security/2016/08/18/9
- http://www.securityfocus.com/bid/92476
- https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa
- https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69
- https://www.suse.com/security/cve//CVE-2016-6829.html
- https://www.suse.com/security/cve/CVE-2016-6829.html
CWEs
CWE-798