openstack-foreman-installer: insecure defaults
| Package(s): | openstack-foreman-installer | CVE #(s): | CVE-2013-6470 | ||||
| Created: | May 30, 2014 | Updated: | June 4, 2014 | ||||
| Description: | From the Red Hat advisory: It was discovered that the Qpid configuration created by openstack-foreman-installer did not have authentication enabled when run with default settings in standalone mode. An attacker able to establish a TCP connection to Qpid could access any OpenStack back end using Qpid (for example, nova) without any authentication. | ||||||
| Alerts: |
| ||||||