etcd prior to 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an malicious user to guess or brute-force users' passwords with little computational effort.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat etcd |
||
fedoraproject fedora 32 |