Root User Added to users Group in aaa_base Image Creation Configuration

Root User Added to users Group in aaa_base Image Creation Configuration

CVE-2013-3713 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.