Unfiltered Password Logging Vulnerability in oVirt-Engine

Unfiltered Password Logging Vulnerability in oVirt-Engine

CVE-2018-1075 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.

Learn more about our Web Application Penetration Testing UK.