CVE-2016-6829

CRITICAL

barclamp-trove and crowbar-openstack - Use of Hard-coded Credentials

Title source: llm

Description

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.

References (6)

Core 6

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.suse.com/security/cve//CVE-2016-6829.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2016/08/16/1

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2016/08/18/9

Issue Tracking, Patch x_refsource_confirm

https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92476

Issue Tracking, Patch x_refsource_confirm

https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69

Scores

CVSS v3 9.8

EPSS 0.0239

EPSS Percentile 81.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (2)

barclamp-trove_project/barclamp-trove

crowbar-openstack_project/crowbar-openstack

Published Dec 09, 2016

Tracked Since Feb 18, 2026