Vulnerability in Redhat Cloudforms_3.0_management_engine
CVE-2014-3489
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.
EPSS: 0.004 (61.2th percentile) — read the EPSS interpretation.
Affected products
- Redhat Cloudforms_3.0_management_engine — versions 5.2, 5.2.1, 5.2.1.6
- N/a — versions n/a
Weakness classification (CWE)
References
- 68299 (vdb-entry, x_refsource_BID)
- RHSA-2014:0816 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)