CVE-2020-25678 vulnerability in Red Hat and Other Products
Published on January 8, 2021

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Vendor Advisory Vendor Advisory NVD

Weakness Type

Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Products Associated with CVE-2020-25678

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25678 are published in these products:

Red Hat Ceph

Red Hat Ceph Storage

Fedora Project Fedora

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.01%

Percentile

2.77%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-25678 vulnerability in Red Hat and Other ProductsPublished on January 8, 2021

Weakness Type

Cleartext Storage of Sensitive Information

Products Associated with CVE-2020-25678

Exploit Probability

CVE-2020-25678 vulnerability in Red Hat and Other Products
Published on January 8, 2021