The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.
Publication date: Fri, 16 Jan 2015 22:59:00 +0000