What is CVE-2016-1601?

CVE-2016-1601 is a critical-severity vulnerability in Suse Linux_enterprise_desktop, classified under CWE-255. CVSS score: 9.8/10. Published 2016-04-26.

How severe is CVE-2016-1601?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Suse Linux_enterprise_desktop

CVE-2016-1601

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to…

EPSS: 0.005 (64.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Suse Linux_enterprise_desktop — versions 12
Suse Linux_enterprise_server — versions 12
Suse Linux_enterprise_software_development_kit — versions 12
Suse Yast2
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

security@opentext.com (x_refsource_CONFIRM)
openSUSE-SU-2016:1226 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2016:1138 (vendor-advisory, x_refsource_SUSE)
security@opentext.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2016-1601?: CVE-2016-1601 is a critical-severity vulnerability in Suse Linux_enterprise_desktop, classified under CWE-255. CVSS score: 9.8/10. Published 2016-04-26.
How severe is CVE-2016-1601?: Critical severity. CVSS v3 base score is 9.8 out of 10.