CVE-2016-5333
CRITICALVMware Photon OS < 1.0 - Use of Hard-coded Credentials in SSH Authorized Keys
Title source: llmDescription
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036628
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92474
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0012.html
Press/Media Coverage x_refsource_misc
http://www.theregister.co.uk/2016/08/16/vmware_shipped_public_key_with_its_photon_osforcontainers/
Scores
CVSS v3
9.8
EPSS
0.0159
EPSS Percentile
81.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
vmware/photon_os
< 1.0
Published
Aug 31, 2016
Tracked Since
Feb 18, 2026