The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.
https://bugzilla.redhat.com/show_bug.cgi?id=1370315
http://www.securityfocus.com/bid/92655
Source: Mitre, NVD
Published: 2016-09-22
Updated: 2016-09-22
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: Low
Base Score: 8.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: High