World-readable permissions for /etc/katello/secure/passphrase in Katello 1.1 allows local users to obtain passphrase

World-readable permissions for /etc/katello/secure/passphrase in Katello 1.1 allows local users to obtain passphrase

CVE-2012-5561 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.

Learn more about our User Device Pen Test.