ALAS-2021-1486

Related Vulnerabilities: CVE-2020-8631, CVE-2020-8632, CVE-2021-3429


Amazon Linux AMI Security Advisory: ALAS-2021-1486
Advisory Release Date: 2021-03-18 17:22 Pacific
Advisory Updated Date: 2021-03-19 22:54 Pacific
Severity: Medium

Issue Overview:

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. (CVE-2020-8631)

A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. (CVE-2020-8632)

A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. (CVE-2021-3429)
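The three weakness classes above, shown next to their hardened forms in Python. This is an added example, not cloud-init's own code: the function names, the 62-symbol alphabet, the lengths 9 and 20, and the temporary file standing in for a log are all assumptions made for illustration.

```python
import math
import os
import random
import secrets
import stat
import string
import tempfile

ALPHABET = string.ascii_letters + string.digits  # constructed 62-symbol alphabet

def weak_password(length, rng):
    """Flawed pattern: choice() on a non-cryptographic Mersenne Twister PRNG."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_password(length=20):
    """Hardened pattern: secrets.choice() draws from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy; only reached when symbols are uniform and unpredictable."""
    return length * math.log2(alphabet_size)

def is_world_readable(path):
    """True when 'other' has read permission, the exposure class of CVE-2021-3429."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def demo_log_modes():
    """Create a constructed log file and report world-readability at 0644 and 0600."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        path = fh.name
    try:
        os.chmod(path, 0o644)
        before = is_world_readable(path)
        os.chmod(path, 0o600)
        after = is_world_readable(path)
    finally:
        os.unlink(path)
    return before, after

if __name__ == "__main__":
    # Same PRNG state gives the same "random" password: output is a function of state.
    print(weak_password(9, random.Random(1234)) == weak_password(9, random.Random(1234)))
    print(f"{entropy_bits(9):.1f} bits at length 9, {entropy_bits(20):.1f} bits at length 20")
    print(strong_password())
    print(demo_log_modes())
```
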


Affected Packages:

cloud-init


Issue Correction:
Run yum update cloud-init to update your system.

New Packages:
noarch:
    cloud-init-0.7.6-43.23.amzn1.noarch

src:
    cloud-init-0.7.6-43.23.amzn1.src