Insecure Password Handling in sosreport Utility

Insecure Password Handling in sosreport Utility

CVE-2012-2664 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.

Learn more about our User Device Pen Test.