World-readable permissions for /etc/qci/answers in Red Hat QuickStart Cloud Installer (QCI) allows unauthorized access to root password

World-readable permissions for /etc/qci/answers in Red Hat QuickStart Cloud Installer (QCI) allows unauthorized access to root password

CVE-2016-6322 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

Learn more about our Cloud Audit.