Critical severity9.8NVD Advisory· Published Apr 26, 2016· Updated Jun 17, 2026
CVE-2016-1601
CVE-2016-1601
Description
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: <3.1.47
- osv-coords5 versionspkg:rpm/opensuse/yast2-users&distro=openSUSE%20Tumbleweedpkg:rpm/suse/yast2-users&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/yast2-users&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/yast2-users&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/yast2-users&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 3.2.6-1.1+ 4 more
- (no CPE)range: < 3.2.6-1.1
- (no CPE)range: < 3.1.41.3-9.1
- (no CPE)range: < 3.1.41.3-9.1
- (no CPE)range: < 3.1.41.3-9.1
- (no CPE)range: < 3.1.41.3-9.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.