What is the severity of CVE-2016-4996?

CVE-2016-4996 is classified as a high-severity vulnerability due to the exposure of root passwords in plaintext.

How do I fix CVE-2016-4996?

To remediate CVE-2016-4996, disable the ssh service on discovered nodes or upgrade to a version of Foreman that is not affected.

Which versions of Foreman are affected by CVE-2016-4996?

Foreman versions prior to 6.2 are affected by CVE-2016-4996.

What impact does CVE-2016-4996 have on my system?

CVE-2016-4996 allows local users to retrieve the root password from the system journal, potentially compromising system security.

Is Red Hat Satellite 6.3 affected by CVE-2016-4996?

Yes, Red Hat Satellite 6.3 is affected by CVE-2016-4996 if the ssh service is enabled on discovered nodes.

Vulnerability/
CVE-2016-4996

high

CWE

255

22/6/2016

14/7/2017

6/8/2024

CVE-2016-4996

First published: Wed Jun 22 2016(Updated: )

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Network Satellite Server	=6.3
Red Hat Enterprise Linux Server	=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-4996?
CVE-2016-4996 is classified as a high-severity vulnerability due to the exposure of root passwords in plaintext.
How do I fix CVE-2016-4996?
To remediate CVE-2016-4996, disable the ssh service on discovered nodes or upgrade to a version of Foreman that is not affected.
Which versions of Foreman are affected by CVE-2016-4996?
Foreman versions prior to 6.2 are affected by CVE-2016-4996.
What impact does CVE-2016-4996 have on my system?
CVE-2016-4996 allows local users to retrieve the root password from the system journal, potentially compromising system security.
Is Red Hat Satellite 6.3 affected by CVE-2016-4996?
Yes, Red Hat Satellite 6.3 is affected by CVE-2016-4996 if the ssh service is enabled on discovered nodes.

agent/references
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-4996
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat network satellite server
version/red hat network satellite server/6.3
canonical/red hat enterprise linux server
version/red hat enterprise linux server/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.