Security Vulnerability: Permitted to login as root
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | High | Carmen Rata | |
Bug Description
Brief Description
-----------------
[Security vulnerability] 11255 - Default Password (root) for 'root' Account was captured in NESSUS Scan.
It is possible to login as root and execute the command 'id' on the remote host : uid=0(root) gid=0(root) groups=0(root)
Severity
--------
Critical
Steps to Reproduce
------------------
1. Logged in as 'sysadmin' and changed the root password using 'sudo passwd root'
2. Logged in successfully as root user using ssh
3. "PermitRootLogin" setting in "/etc/ssh/
cat /etc/ssh/
PermitRootLogin yes
Expected Behavior
------------------
"PermitRootLogin" setting in "/etc/ssh/
Actual Behavior
----------------
"PermitRootLogin" setting in "/etc/ssh/
Reproducibility
---------------
<Reproducible/
100% reproducible
Changed in starlingx:
status: New → Incomplete
status: Incomplete → In Progress
assignee: nobody → Carmen Rata (crata)
description: updated
Resolved by: https://review.opendev.org/c/starlingx/tools/+/907074
Merged on Jan 29, 2024
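
An added example, not part of the bug report or of the StarlingX fix: a shell check that reports the global `PermitRootLogin` value from an sshd configuration file and flags `yes`, the state shown in the report. The configuration path is passed as an argument, the function names are hypothetical, and the sample configuration in `demo` is constructed.

```shell
#!/bin/sh
# Added example, not StarlingX code. Function names are hypothetical and the
# sshd configuration file path is supplied by the caller.

# Print the global PermitRootLogin value from config file $1, lower-cased.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Lines after a "Match" line are conditional, so the
# scan stops there. Prints "unset" when no global line is present.
# Limitation: Include directives are not followed.
permit_root_login_value() {
    awk '
        /^[ \t]*#/ { next }                    # comment line
        { gsub(/[="]/, " ") }                  # accept Key=value and "value"
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status: 0 = root password login is off, 1 = "yes" (the state in this
# report), 2 = unset (sshd's built-in default applies) or unrecognised.
check_root_login() {
    value=$(permit_root_login_value "$1") || return 2
    echo "PermitRootLogin (global, first match): $value"
    case "$value" in
        no|prohibit-password|without-password|forced-commands-only) return 0 ;;
        yes) return 1 ;;
        *)   return 2 ;;
    esac
}

# Constructed sample: the early lower-case "yes" wins over the later "no".
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# constructed sample' 'permitrootlogin yes' \
        'PermitRootLogin no' 'Match User backup' '  PermitRootLogin no' > "$tmp"
    rc=0
    check_root_login "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Audit the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then check_root_login "$1"; fi
```

On a live host, `sshd -T` prints the effective configuration after defaults and included files are applied, and is the authoritative check.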