Thursday, November 4, 2021

Huawei EulerOS: CVE-2021-3429: cloud-init security update

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The highest threat from this vulnerability is to data confidentiality and it may allow a local attacker to log in as another user.
  • huawei-euleros-2_0_sp8-upgrade-cloud-init

  • References
  • CVE - 2021-3429
  • EulerOS-SA-2021-2624


    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore