Headline

CVE-2012-0059: Red Hat Customer Portal - Access to 24x7 support and knowledge

Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.

10 years ago

CVE

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #java #kubernetes

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Red Hat Customer Portal

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
Red Hat CodeReady Workspaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus
Red Hat CodeReady Studio

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2012-02-06

Updated:

2012-02-06

RHSA-2012:0102 - Security Advisory

Overview
Updated Packages

Synopsis

Low: Red Hat Network Proxy spacewalk-backend security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated spacewalk-backend packages that fix one security issue are now
available for Red Hat Network Proxy 5.4.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Red Hat Network (RHN) Proxy provides a mechanism for caching content, such
as package updates from Red Hat or custom content created for an
organization on an internal, centrally-located server.

If a user submitted a system registration XML-RPC call to an RHN Proxy
server (for example, by running “rhnreg_ks”) and that call failed, their
RHN user password was included in plain text in the error messages both
stored in the server log and mailed to the server administrator. With this
update, user passwords are excluded from these error messages to avoid the
exposure of authentication credentials. (CVE-2012-0059)

Users of Red Hat Network Proxy are advised to upgrade to these updated
packages, which correct this issue. For this update to take effect,
Red Hat Network Proxy must be restarted. Refer to the Solution section for
details.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Run the following command to restart the Red Hat Network Proxy server:

# rhn-proxy restart

Affected Products