Computer Emergency Response Team of Mauritius (CERT-MU)


Red Hat CloudForms Bugs Let Remote Users Conduct Man-in-the-Middle Attacks to Spoof Servers and Obtain Authentication Information
Severity Rating: Medium
Systems Affected:
  • Management Engine 5.8
Two vulnerabilities have been identified in Red Hat CloudForms and can be exploited by remote attackers to spoof servers and obtain authentication information on vulnerable systems. The vulnerabilities reported are as follows:
  • The system uses a default SSL/TLS certificate for the web server during installation. A remote user can conduct a man-in-the-middle attack against the administrator during installation and obtain a copy of the new private key.
  • The system does not verify that the server hostname matches the domain name in the certificate when using a custom certificate authority (CA). A remote user can spoof a Red Hat Virtualization (RHEV) or OpenShift system.
Users are advised to apply updates.
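
The second issue comes down to the difference between validating a certificate chain against a custom CA and also matching the certificate to the host being contacted. The Ruby sketch below is an added example, not CloudForms code or code from the advisory; the CA, the hostnames and the helper names are constructed for illustration.

```ruby
require "openssl"

# Build a certificate for the constructed test PKI below (all names are made up).
# Without an issuer the result is a self-signed CA; with one it is a leaf whose
# subjectAltName carries the given hostname.
def issue_cert(cn, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  if issuer
    cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}"))
  else
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Chain validation alone: true for ANY certificate the custom CA has issued.
def chain_only_ok?(store, cert, _expected_host)
  store.verify(cert)
end

# Chain validation plus the hostname match described as missing in the advisory.
def chain_and_host_ok?(store, cert, expected_host)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, expected_host)
end

CA_KEY   = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = issue_cert("Constructed Custom CA", CA_KEY, 1)
RHEV     = issue_cert("rhev.internal.example", LEAF_KEY, 2, issuer: CA_CERT, issuer_key: CA_KEY)
OTHER    = issue_cert("build-agent.internal.example", LEAF_KEY, 3, issuer: CA_CERT, issuer_key: CA_KEY)

STORE = OpenSSL::X509::Store.new
STORE.add_cert(CA_CERT) # trust only the custom CA

EXPECTED = "rhev.internal.example" # the host the client meant to reach
puts "chain only, wrong-host cert: #{chain_only_ok?(STORE, OTHER, EXPECTED)}"
puts "chain + host, wrong-host cert: #{chain_and_host_ok?(STORE, OTHER, EXPECTED)}"
puts "chain + host, matching cert: #{chain_and_host_ok?(STORE, RHEV, EXPECTED)}"
```

On a live connection the same check is performed by `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)` after the handshake.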
More information is available on:
Vendor Information
Red Hat
Security Tracker
Red Hat Security Advisory
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis