CVE-2014-0234: Initialization of a Resource with an Insecure Default in Red Hat OpenShift

Severity
NVD: 9.8 CRITICAL
CNA: 7.5
EPSS: 8.8% (top 7.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 12
Latest update: May 17

Description

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: redhat/openshift < 2.1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-w87g-2vqm-6m24: The default configuration of broker (2022-05-17)
CVEList: CVE-2014-0234: The default configuration of broker (2020-02-12)

📋 Vendor Advisories (1)

Red Hat: openshift-origin-broker: default password creation (2014-05-14)

💬 Community (1)

Bugzilla: CVE-2014-0234 OpenShift Enterprise openshift-origin-broker: default password creation (2014-05-13)