CVE-2016-7060 — MEDIUM (4.6)

Vulnerability Description

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.

CVSS Score

4.6

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Quickstart Cloud Installer	1.0

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/97678Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:0256
https://bugzilla.redhat.com/show_bug.cgi?id=1379909Issue TrackingThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/97678Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:0256
https://bugzilla.redhat.com/show_bug.cgi?id=1379909Issue TrackingThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-7060?

CVE-2016-7060 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the di...

How severe is CVE-2016-7060?

CVE-2016-7060 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-7060?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Quickstart Cloud Installer.