Hardcoded Password Vulnerability in Ceph Services by Red Hat
CVE-2020-1716
8.8 HIGH
What is CVE-2020-1716?
A flaw exists in the ceph-ansible playbook involving hardcoded passwords used as defaults during the deployment of Ceph services. This vulnerability allows authenticated attackers to conduct brute-force attacks against Ceph deployments, enabling them to acquire administrator access through the Ceph dashboard. From there, attackers can perform actions such as reading, writing, or deleting Ceph clusters and altering cluster configurations.

Affected Version(s)
ceph-ansible ceph-ansible 6.0.0alpha1
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
