World-readable permissions on /etc/origin/master/master-config.yaml expose Active Directory credentials in Red Hat OpenShift Enterprise 3.1

World-readable permissions on /etc/origin/master/master-config.yaml expose Active Directory credentials in Red Hat OpenShift Enterprise 3.1

CVE-2016-2142 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.

Learn more about our User Device Pen Test.