Launchpad CVE tracker

CVE 2020-8632

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

Related bugs and status

CVE-2020-8632 (Candidate) is related to these bugs:

Bug #1860789: ssh_authkey_fingerprints must use sha256 not md5

Summary				In	Importance	Status
	1860789	ssh_authkey_fingerprints must use sha256 not md5		cloud-init (Ubuntu)	Undecided	Fix Released
	1860789	ssh_authkey_fingerprints must use sha256 not md5		cloud-init	Undecided	Fix Released

Bug #1860795: cc_set_passwords is too short for RANDOM

Summary				In	Importance	Status
	1860795	cc_set_passwords is too short for RANDOM		cloud-init (Ubuntu)	Undecided	Fix Released
	1860795	cc_set_passwords is too short for RANDOM		cloud-init	Undecided	Fix Released

Bug #1861412: cloud-init crashes with static network configuration

		In	Importance	Status
1861412	cloud-init crashes with static network configuration	cloud-init (Ubuntu)	Undecided	Fix Released
1861412	cloud-init crashes with static network configuration	Ubuntu on IBM z Systems	High	Fix Released
1861412	cloud-init crashes with static network configuration	cloud-init	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-8632

References