CVE-2018-1073 - Vulnerability Details

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ovirt	Ovirt-engine
Redhat	Enterprise Linux Virtualization Virtualization Host

Configuration 1 [-]

cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
rhvm-appliance-0:4.2-20180504.0	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2018:1525	2018-05-15T00:00:00Z

References

Link	Providers
http://www.securityfocus.com/bid/104189
https://access.redhat.com/errata/RHSA-2018:1525
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1073
https://nvd.nist.gov/vuln/detail/CVE-2018-1073
https://www.cve.org/CVERecord?id=CVE-2018-1073

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-06-19T12:00:00

Updated: 2024-08-05T03:51:47.320Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1073

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-19T12:29:00.280

Modified: 2024-11-21T03:59:07.427

Link: CVE-2018-1073

Redhat

Severity : Low

Publid Date: 2018-05-15T00:00:00Z

Links: CVE-2018-1073 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object