CVE-2021-3429

Published: 19/04/2023 Updated: 04/05/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

When instructing cloud-init to set a random password for a new user account, versions prior to 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.

Vulnerable Product

canonical cloud-init

Vendor Advisories

Debian Bug report logs - #985540: cloud-init logs sensitive password data to world-readable files. Package: cloud-init; Maintainer for cloud-init is Debian Cloud Team <debian-cloud@lists.debian.org>; Source for cloud-init is src:cloud-init. Reported by: Noah Meyerhans <noahm@debian.org> Date: Fri, ...
A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk (CVE-2021-3429) ...
A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user (CVE-2020-8631). A flaw was found in cloud-i ...
A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The highest threat from this vulnerability is to data conf ...