CVE-2018-9057

9.8CRITICAL

Key Information:

Vendor: Hashicorp
Status: Terraform
Vendor: CVE Published:; 27 March 2018

Summary

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.

References

https://github.com/terraform-providers/terraform-provider...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Mar 27, 2018