Sensitive Information Disclosure in rhc-chk.rb in Red Hat OpenShift Origin before 1.1

Sensitive Information Disclosure in rhc-chk.rb in Red Hat OpenShift Origin before 1.1

CVE-2012-5658 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.

Learn more about our Web Application Penetration Testing UK.