CVE-2024-9594: Packer Hardcoded SSH Password
Hardcoded static SSH password found in Packer configuration. This allows attackers with network access to gain root access to the VM during the image build process. Avoid default static credentials; inject dynamically generated passwords like '{{ uuid }}' or inject them through variables.
Provally Curated, Public repository, High, Medium confidence, Verified, Apache-2.0, json
greprules fetch cve-2024-9594-packer-hardcoded-ssh-password --engine opengrep
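A small Python check in the spirit of this rule, added here as an illustration (it is not the rule's own pattern or code from its repository): it parses a Packer JSON template and reports builders whose `ssh_password` is a literal string. As an assumption beyond the description, it also flags a `{{user ...}}` reference whose variable has a non-empty default; the sample template and its builder names are constructed.

```python
import json
import re

# Matches a Packer legacy-JSON template expression such as {{ uuid }} or {{user `pw`}}.
TEMPLATE = re.compile(r"\{\{.*?\}\}")
USER_VAR = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")


def find_static_ssh_passwords(template_text):
    """Return (builder name, reason) for each builder whose ssh_password is static."""
    doc = json.loads(template_text)
    variables = doc.get("variables", {})
    findings = []
    for i, builder in enumerate(doc.get("builders", [])):
        value = builder.get("ssh_password")
        if not isinstance(value, str) or not value:
            continue  # no password set on this builder
        name = builder.get("name") or f"{builder.get('type', 'builder')}[{i}]"
        if not TEMPLATE.search(value):
            findings.append((name, "literal password"))
            continue
        # Assumption of this example: a user variable with a non-empty
        # default is still a fixed password baked into the template.
        for var in USER_VAR.findall(value):
            if variables.get(var):
                findings.append((name, f"variable '{var}' has a static default"))
    return findings


# Constructed sample template; builder names and values are illustrative only.
SAMPLE = r"""
{
  "variables": {"build_pw": "", "legacy_pw": "changeme"},
  "builders": [
    {"name": "static",  "type": "qemu", "ssh_username": "root", "ssh_password": "changeme"},
    {"name": "default", "type": "qemu", "ssh_username": "root", "ssh_password": "{{user `legacy_pw`}}"},
    {"name": "random",  "type": "qemu", "ssh_username": "root", "ssh_password": "{{ uuid }}"},
    {"name": "passed",  "type": "qemu", "ssh_username": "root", "ssh_password": "{{user `build_pw`}}"}
  ]
}
"""

if __name__ == "__main__":
    for name, reason in find_static_ssh_passwords(SAMPLE):
        print(f"{name}: {reason}")
```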