#VU51628 Insufficiently protected credentials in cloud-init (Ubuntu package) - CVE-2020-8632

Cybersecurity Help s.r.o.

Published: 2021-03-23

Vulnerability identifier: #VU51628

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-8632

CWE-ID: CWE-522

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
cloud-init (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Description

The vulnerability allows a local user to guess passwords.

The vulnerability exists due to cloud-init has a small default pwlen value in rand_user_password() function in cloudinit/config/cc_set_passwords.py. A local user can guess passwords and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cloud-init (Ubuntu package): 0.5.0 - 19.4

External links
https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00042.html
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
https://github.com/canonical/cloud-init/pull/189
https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for cloud-init

Multiple vulnerabilities in Canonical cloud-init

openEuler 20.03 LTS update for cloud-init

Red Hat Enterprise Linux 8 update for cloud-init