Vulnerability DatabaseCVE-2011-4076
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2011-4076
November 26, 2019
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
Related ResourcesĀ (8)
https://security-tracker.debian.org/tracker/CVE-2011-4076
https://nvd.nist.gov/vuln/detail/CVE-2011-4076
https://www.openwall.com/lists/oss-security/2011/10/25/4
https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4
https://bugs.launchpad.net/nova/+bug/868360
https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b
https://access.redhat.com/security/cve/cve-2011-4076
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
0.41