Insecure Logging of Passwords in oVirt Engine

Insecure Logging of Passwords in oVirt Engine

CVE-2016-6341 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.

Learn more about our User Device Pen Test.