What is CVE-2018-1075?

CVE-2018-1075 is a vulnerability in ovirt-engine up to version 4.2.3 that allows an unfiltered password to be logged in cleartext during the verification step of manual database provisioning.

How severe is CVE-2018-1075?

CVE-2018-1075 has a severity score of 7.8 (high).

What software is affected by CVE-2018-1075?

ovirt-engine up to version 4.2.3 is affected by CVE-2018-1075.

How can I fix CVE-2018-1075?

To fix CVE-2018-1075, upgrade to a version of ovirt-engine that is higher than 4.2.3.

Are there any references for CVE-2018-1075?

Yes, you can find references for CVE-2018-1075 at the following links: [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2018:2071), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075), and [ovirt Gerrit](https://gerrit.ovirt.org/#/c/91653/).

Vulnerability/
CVE-2018-1075

high

7.8

CWE

532 522

6/2/2018

12/6/2018

5/8/2024

CVE-2018-1075

First published: Tue Feb 06 2018(Updated: )

A flaw was found in ovirt-engine. When engine-setup is run and one chooses to provision the database manually or connect to a remote database, the password input is logged but filtered only later, after verification that it is correct. References: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED CURRENTRELEASE - logs are world-readable" href="show_bug.cgi?id=1540622">https://bugzilla.redhat.com/show_bug.cgi?id=1540622</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Ovirt Ovirt	<4.2.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-1075?
CVE-2018-1075 is a vulnerability in ovirt-engine up to version 4.2.3 that allows an unfiltered password to be logged in cleartext during the verification step of manual database provisioning.
How severe is CVE-2018-1075?
CVE-2018-1075 has a severity score of 7.8 (high).
What software is affected by CVE-2018-1075?
ovirt-engine up to version 4.2.3 is affected by CVE-2018-1075.
How can I fix CVE-2018-1075?
To fix CVE-2018-1075, upgrade to a version of ovirt-engine that is higher than 4.2.3.
Are there any references for CVE-2018-1075?
Yes, you can find references for CVE-2018-1075 at the following links: [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2018:2071), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075), and [ovirt Gerrit](https://gerrit.ovirt.org/#/c/91653/).

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/type
agent/description
agent/event
agent/last-modified-date
agent/tags
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-1075
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/ovirt
canonical/ovirt ovirt

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.