The sosreport utility in the Red Hat sos package prior to 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow malicious users to obtain passwords or password hashes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat sos |