virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
Link | Tags |
---|---|
http://www.securityfocus.com/bid/67089 | vdb entry third party advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1088732 | issue tracking |
http://www.openwall.com/lists/oss-security/2014/04/28/2 | third party advisory mailing list |
https://bugzilla.redhat.com/show_bug.cgi?id=1081286 | issue tracking |
http://rhn.redhat.com/errata/RHSA-2015-0430.html | third party advisory vendor advisory |