Vulnerability Details: CVE-2016-7060
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
Vulnerability category: Information leak
Products affected by CVE-2016-7060
- cpe:2.3:a:redhat:quickstart_cloud_installer:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7060
0.08%: probability of exploitation activity in the next 30 days
~21%: percentile, the proportion of vulnerabilities that are scored at or below this one
CVSS scores for CVE-2016-7060
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 | NIST | |
CWE ids for CVE-2016-7060
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7060
- http://www.securityfocus.com/bid/97678
  Red Hat QCI CVE-2016-7060 Multiple Local Information Disclosure Vulnerabilities (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:0256
  Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=1379909
  1379909 – (CVE-2016-7060) CVE-2016-7060 Red Hat QCI: qci exposes password in web UI when they should be masked (Issue Tracking; Third Party Advisory; VDB Entry)