Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine prior to 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat cloudforms cloud engine 1.0 |
||
redhat cloudforms cloud engine |