CVE-2012-0059 MEDIUM

CVE-2012-0059: Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-209 · Error message info leak
Published February 5, 2014
Last update April 2, 2026
View on NVD All CVEs

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.

Key dates

02Disclosure timeline

February 5, 2014 CVE published
April 2, 2026 Record updated