{"id":"CVE-2006-6614","details":"The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.","modified":"2026-01-27T04:07:37.113500Z","published":"2006-12-18T02:28:00Z","withdrawn":"2026-01-27T04:07:37.113500Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/23330"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/4995"},{"type":"EVIDENCE","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402644"},{"type":"WEB","url":"http://www.securityfocus.com/bid/21579"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30892"}],"schema_version":"1.7.3"}