CVE Database


Impact: Important
Public: 2013-05-23
CWE: CWE-798
Bugzilla: 964299: CVE-2013-2069 livecd-tools: improper handling of passwords


It was discovered that livecd-tools, when used to create images, gave the root user an empty password rather than leaving the password locked when the Kickstart file contained no 'rootpw' directive or used the 'rootpw --lock' directive. This could allow local users to gain access to the root account.
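To audit an image that has already been built, the root entry in its etc/shadow can be classified as empty, locked or set. The following is an added example, not part of the original advisory or of livecd-tools; the function names and the sample shadow lines are constructed for illustration, and the path passed in is assumed to be the shadow file of a mounted image.

```shell
#!/bin/sh
# Added example: classify the root password field of an image's shadow file.
# Prints empty | locked | set | no-root-entry | unreadable.
# Exit status is 0 only when root is locked or has a password hash set.
root_pw_state() {
    shadow_file=$1
    [ -r "$shadow_file" ] || { echo "unreadable"; return 2; }
    # Field 2 of a shadow(5) line is the password field.
    state=$(awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")          state = "empty"   # condition described in CVE-2013-2069
            else if ($2 ~ /^[!*]/) state = "locked"  # leading ! or * is not a valid hash
            else                   state = "set"
            exit
        }
        END { print (found ? state : "no-root-entry") }
    ' "$shadow_file")
    echo "$state"
    [ "$state" = "locked" ] || [ "$state" = "set" ]
}

# Demonstration on constructed shadow lines (not taken from a real system).
audit_samples() {
    tmp=$(mktemp -d)
    printf 'root::15848:0:99999:7:::\n'               > "$tmp/empty"
    printf 'root:!!:15848:0:99999:7:::\n'             > "$tmp/locked"
    printf 'root:$6$salt$hash:15848:0:99999:7:::\n'   > "$tmp/set"
    for f in empty locked set; do
        printf '%s image: %s\n' "$f" "$(root_pw_state "$tmp/$f")"
    done
    rm -rf "$tmp"
}

audit_samples
```

The non-zero exit status for an empty or missing root entry lets the function gate an image build or publishing step.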

Find out more about CVE-2013-2069 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 7.2
Base Metrics: AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform: Red Hat Common 6
Errata: RHSA-2013:0849
Release Date: May 23, 2013

Red Hat would like to thank Amazon Web Services for reporting this issue. Amazon Web Services acknowledges Sylvain Beucler as the original reporter.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.