CVE-2016-7060
MEDIUMRed Hat QuickStart Cloud Installer 1.0 - Unauthorized Password Exposure via Unmasked Web Interface
Title source: llmDescription
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97678
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0256
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1379909
Scores
CVSS v3
4.6
EPSS
0.0042
EPSS Percentile
33.5%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
redhat/quickstart_cloud_installer
1.0
Published
Apr 14, 2017
Tracked Since
Feb 18, 2026