CVE Vulnerabilities

CVE-2014-3489

Published: Jul 07, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.

Affected Software

Name Vendor Start Version End Version
Cloudforms_3.0_management_engine Redhat 5.2.1 5.2.1
Cloudforms_3.0_management_engine Redhat * 5.2.4
Cloudforms_3.0_management_engine Redhat 5.2.1.6 5.2.1.6
Cloudforms_3.0_management_engine Redhat 5.2.3.2 5.2.3.2
Cloudforms_3.0_management_engine Redhat 5.2.2 5.2.2
Cloudforms_3.0_management_engine Redhat 5.2 5.2
Cloudforms_3.0_management_engine Redhat 5.2.3 5.2.3

References