CVE-2016-4474

HIGH

Red Hat OpenStack Platform 8.0 & RHEL OpenStack 7.0 - Default Root Password Exposure

Title source: llm
STIX 2.1

Description

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2016-1223.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1222.html

Scores

CVSS v3 8.8
EPSS 0.0085
EPSS Percentile 53.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200 CWE-254
Status published
Products (2)
redhat/openstack 7.0
redhat/openstack 8
Published Jun 30, 2016
Tracked Since Feb 18, 2026