CVE-2014-3489

CWE-255CWE-3215 documents5 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 39.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Cloudforms 3.0 Management Engine
Timeline
PublishedJul 7
Latest updateMay 17

Description

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cw3x-m8xc-mqp9: lib/util/miq-password2022-05-17
CVEList
CVE-2014-3489: lib/util/miq-password2014-07-07

📋Vendor Advisories

1
Red Hat
CFME: Default salt value in miq-password.rb2014-06-30

💬Community

1
Bugzilla
CVE-2014-3489 CFME: Default salt value in miq-password.rb2014-06-10