Red Hat Ansible Playbooks Password Exposure Vulnerability [CVE-2018-16859]

CVE Number – CVE-2018-16859

A vulnerability in Red Hat Ansible could allow a local attacker to discover plaintext passwords on a targeted system. The vulnerability is due to the plaintext exposure of “become” passwords when Ansible playbooks are executed on a Windows system with PowerShell scriptblock logging and module logging enabled. An attacker with administrator privileges could exploit this vulnerability to discover the plaintext password. A successful exploit could be used to conduct further attacks. Red Hat has confirmed the vulnerability and released software updates.

Analysis

  • To exploit this vulnerability, the attacker must have administrator privileges on the targeted system. This access requirement may reduce the likelihood of a successful exploit.

Safeguards

  • Administrators are advised to apply the appropriate updates.
  • Administrators are advised to allow only trusted users to have network access.
  • Administrators are advised to monitor critical systems.
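
As an added example (not part of the original advisory or of Ansible), the following PowerShell audit reports whether the two logging features named above are enabled by policy on a managed Windows host and whether a become password you already know appears in the PowerShell operational log. The registry paths, log name and event IDs 4103/4104 are standard Windows values that the advisory does not list; the function names are hypothetical.

```powershell
# Added example: exposure check for CVE-2018-16859 on a Windows host managed by Ansible.
# Run from an elevated PowerShell session on the managed host.

function Get-PSLoggingState {
    # Group Policy registry values that enable the two logging features named in the advisory.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    $sb   = Get-ItemProperty -Path "$base\ScriptBlockLogging" -ErrorAction SilentlyContinue
    $mod  = Get-ItemProperty -Path "$base\ModuleLogging" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ScriptBlockLogging = ($null -ne $sb  -and $sb.EnableScriptBlockLogging -eq 1)
        ModuleLogging      = ($null -ne $mod -and $mod.EnableModuleLogging -eq 1)
    }
}

function Find-LoggedSecret {
    param([Parameter(Mandatory)][securestring]$Secret)

    # Decrypt in memory only. The value is never printed and never passed to a cmdlet
    # as a parameter, so this check does not write it into the logs it is auditing.
    $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
    if ([string]::IsNullOrEmpty($plain)) { return }   # an empty string would match every event

    # 4103 = module logging, 4104 = scriptblock logging.
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103, 4104 }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Large script blocks are split across several 4104 events, so a value that
        # straddles two fragments is not detected by this per-event match.
        if ($e.Message -and $e.Message.Contains($plain)) {
            # Report where the value was found, not the value itself.
            [pscustomobject]@{ RecordId = $e.RecordId; EventId = $e.Id; TimeCreated = $e.TimeCreated }
        }
    }
}

Get-PSLoggingState | Format-List

# Search even if logging is currently off: events written earlier remain in the log.
$secret = Read-Host -Prompt 'Become password to look for' -AsSecureString
$hits   = @(Find-LoggedSecret -Secret $secret)
'{0} logged event(s) contain the password' -f $hits.Count
$hits | Sort-Object TimeCreated | Format-Table -AutoSize
```

If any event is reported, rotate that password after applying the update; copies of the events may also exist wherever the log is forwarded.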

Vendor Announcements

Fixed Software
