Showing 1 - 3 of 3

Files from John Kinsella

Apache CloudStack 4.5.0 Authentication Bypass: Posted Jun 9, 2016; Authored by John Kinsella; Apache CloudStack contains an authentication module providing "single sign-on" functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication.; tags | advisory; advisories | CVE-2016-3085; SHA-256 | a4b1186aed8d05b27ac281e1250d62a1a3033e39f9bb7e46c69a4ba4a43d9dd7; Download | Favorite | View

Apache CloudStack 4.4.4 / 4.5.1 VM Credential Exposure: Posted Feb 6, 2016; Authored by John Kinsella; Apache CloudStack provides an API for managing network, compute, storage, and user aspects of a CloudStack cloud. Under certain circumstances, the results of certain API calls may expose the root password for a virtual machine related to an API call. Versions 4.4.4 and 4.5.1 are affected.; tags | advisory, root; advisories | CVE-2015-3251; SHA-256 | e1d9575a64a66d0b6de598436c6e55b6139760f94dc1d7be9d4fb1558d1c6e56; Download | Favorite | View

Apache CloudStack 4.4.4 / 4.5.1 VNC Authentication Issue: Posted Feb 6, 2016; Authored by John Kinsella; Apache CloudStack sets a VNC password unique to each KVM virtual machine under management. Upon migrating a VM from one host to another, the VNC password is no longer set in KVM on the new host. To leverage this issue, an attacker would need to have network access to a CloudStack host to be able to connect via VNC directly. Versions 4.4.4 and 4.5.1 are affected.; tags | advisory; advisories | CVE-2015-3252; SHA-256 | 444ee4e43b5662436349058a9ae9bf309899af372366f8897acde09d71e4fb06; Download | Favorite | View