CVE-2016-1601

CVE-2016-1601 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.