Vulnerability: VNC Password Disclosure in libvirt

Vulnerability: VNC Password Disclosure in libvirt

CVE-2015-0236 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Learn more about our User Device Pen Test.