CVE: CVE-2020-8632

Export to Word

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.0004
Percentile: 0.11035

CVSS Scoring

CVSS v3.1 Score: 5.5

Severity: MEDIUM

Mapped CWE(s)

CWE-521 : Weak Password Requirements

All CAPEC(s)

CAPEC-112: Brute Force
CAPEC-16: Dictionary-based Password Attack
CAPEC-49: Password Brute Forcing
CAPEC-509: Kerberoasting
CAPEC-55: Rainbow Table Password Cracking
CAPEC-555: Remote Services with Stolen Credentials
CAPEC-561: Windows Admin Shares with Stolen Credentials
CAPEC-565: Password Spraying
CAPEC-70: Try Common or Default Usernames and Passwords

CAPEC(s) with Mapped TTPs

CAPEC-112: Brute Force
Mapped TTPs:
- T1110 : Brute Force
CAPEC-49: Password Brute Forcing
Mapped TTPs:
- T1110.001 : Password Guessing
CAPEC-509: Kerberoasting
Mapped TTPs:
- T1558.003 : Kerberoasting
CAPEC-55: Rainbow Table Password Cracking
Mapped TTPs:
- T1110.002 : Password Cracking
CAPEC-555: Remote Services with Stolen Credentials
Mapped TTPs:
- T1021 : Remote Services
- T1114.002 : Remote Email Collection
- T1133 : External Remote Services
CAPEC-561: Windows Admin Shares with Stolen Credentials
Mapped TTPs:
- T1021.002 : SMB/Windows Admin Shares
CAPEC-565: Password Spraying
Mapped TTPs:
- T1110.003 : Password Spraying
CAPEC-70: Try Common or Default Usernames and Passwords
Mapped TTPs:
- T1078.001 : Default Accounts

Mapped ATT&CK TTPs

T1110 : Brute Force
Kill Chain: credential-access
T1110.001 : Password Guessing
Kill Chain: credential-access
T1558.003 : Kerberoasting
Kill Chain: credential-access
T1110.002 : Password Cracking
Kill Chain: credential-access
T1021 : Remote Services
Kill Chain: lateral-movement
T1114.002 : Remote Email Collection
Kill Chain: collection
T1133 : External Remote Services
Kill Chain: persistence
T1021.002 : SMB/Windows Admin Shares
Kill Chain: lateral-movement
T1110.003 : Password Spraying
Kill Chain: credential-access
T1078.001 : Default Accounts
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

C0027
Operation Wocao
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
CostaRicto
2016 Ukraine Electric Power Attack
2015 Ukraine Electric Power Attack
Operation Dream Job
APT28 Nearest Neighbor Campaign
Night Dragon
Leviathan Australian Intrusions
Operation MidnightEclipse
C0032
HomeLand Justice
Cutting Edge

Affected Products

cpe:2.3:a:canonical:cloud-init:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

← Back to Home