CVE-2018-1075

HIGH Year: 2018
CVSS v3 Score
7.8
High
CVSS v2 Score
2.1
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.

Related Vulnerabilities

CVE-2017-5153

HIGH
CVSS:7.8(High)

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure thro...

CWE-5322017

CVE-2018-1000018

HIGH
CVSS:7.8(High)

An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.

CWE-5322018

CVE-2018-1768

HIGH
CVSS:7.8(High)

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an ins...

CWE-5322018

CVE-2018-6971

HIGH
CVSS:7.8(High)

VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the current...

CWE-5322018

CVE-2019-0004

HIGH
CVSS:7.8(High)

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue aff...

CWE-5322019

CVE-2019-0029

HIGH
CVSS:7.8(High)

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 v...

CWE-5322019