CVE-2016-7060

MEDIUM

Red Hat QuickStart Cloud Installer 1.0 - Unauthorized Password Exposure via Unmasked Web Interface

Title source: llm

Description

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97678
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0256
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1379909

Scores

CVSS v3 4.6
EPSS 0.0042
EPSS Percentile 33.5%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (1)
redhat/quickstart_cloud_installer 1.0
Published Apr 14, 2017
Tracked Since Feb 18, 2026