CVE-2016-6829

9.8 CRITICAL

📋 TL;DR

CVE-2016-6829 is a critical authentication vulnerability where the Trove service user in OpenStack deployments using the Crowbar Framework has a default, hardcoded password. This allows remote attackers to gain unauthorized access to the Trove database service. Affected systems include OpenStack deployments using Crowbar Framework and Trove Barclamp components.

💻 Affected Systems

Products:
  • OpenStack deployment (crowbar-openstack)
  • Trove Barclamp (barclamp-trove, crowbar-barclamp-trove)
Versions: All versions prior to fixes in August 2016
Operating Systems: Linux distributions running OpenStack with Crowbar Framework
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects OpenStack deployments using the Crowbar Framework. Standard OpenStack deployments without Crowbar are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Trove database service, allowing attackers to access, modify, or delete sensitive database instances and credentials stored within the OpenStack deployment.

🟠 Likely Case

Unauthorized access to Trove service leading to data exposure, potential privilege escalation within the OpenStack environment, and lateral movement to other components.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls are implemented, though the default credential still represents a security weakness.

🌐 Internet-Facing: HIGH - If Trove service is exposed to the internet, attackers can easily exploit the default credentials.
🏢 Internal Only: HIGH - Even internally, any user with network access to the Trove service can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is trivial - attackers simply need to connect to the Trove service using the default credentials. No special tools or techniques required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commits 932298f250365fed6963700870e52db3a7a32daa (barclamp-trove) and 208230bdfbcb19d062149d083b1a66b429516a69 (crowbar-openstack)

Vendor Advisory: http://www.openwall.com/lists/oss-security/2016/08/16/1

Restart Required: Yes

Instructions:

1. Update to the latest version of barclamp-trove and crowbar-openstack.
2. Apply the specific commits that fix the default password issue.
3. Restart the Trove service.
4. Change the Trove service user password to a strong, unique value.

🔧 Temporary Workarounds

Change Trove Service Password

Manually change the default password for the Trove service user to a strong, unique password

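# Change password for trove user
# Note: passwd changes only the local Linux account named trove. If the
# affected account is the Keystone service user (assumption: the page does not
# say which account store holds it), change it there instead, e.g.
#   openstack user set --password-prompt trove
sudo passwd trove
# Restart trove service
sudo systemctl restart trove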

Network Access Restriction

Restrict network access to the Trove service using firewall rules

# Example: Allow only specific IPs to access Trove port
sudo iptables -A INPUT -p tcp --dport 8779 -s trusted_ip -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8779 -j DROP

🧯 If You Can't Patch

  • Immediately change the default password for the Trove service user to a strong, unique password
  • Implement strict network access controls to limit who can connect to the Trove service (port 8779)

🔍 How to Verify

Check if Vulnerable:

Check if the Trove service is using default credentials by attempting to authenticate with known default passwords or checking configuration files for hardcoded credentials.

Check Version:

git log --oneline | grep -E '932298f|208230b'

Verify Fix Applied:

Verify that the password has been changed by attempting to authenticate with the old default credentials (should fail) and with the new credentials (should succeed). Check that the specific fix commits are present in your installation.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful authentication from unexpected sources
  • Multiple authentication attempts to Trove service from single IP
  • Trove service access from unauthorized network segments

Network Indicators:

  • Unexpected connections to Trove service port (default 8779)
  • Traffic patterns suggesting credential guessing or brute force attempts

SIEM Query:

source="trove.log" AND ("authentication failed" OR "login successful") | stats count by src_ip
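
Added example (not part of the original advisory or of the Trove/Crowbar code): the three log indicators above applied per source IP to a small constructed log. The line format, the allowed network 10.20.0.0/24 and the threshold of 3 are assumptions; only the two message strings are taken from the SIEM query.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions: allowed management network and failure threshold are site-specific.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
FAIL_THRESHOLD = 3

# Constructed line format; only the two message strings come from the SIEM query.
LINE_RE = re.compile(
    r'^\S+ src_ip=(?P<ip>\S+) msg="(?P<msg>authentication failed|login successful)"$'
)

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = """\
2016-08-20T10:00:01Z src_ip=10.20.0.15 msg="login successful"
2016-08-20T10:02:10Z src_ip=192.0.2.44 msg="authentication failed"
2016-08-20T10:02:11Z src_ip=192.0.2.44 msg="authentication failed"
2016-08-20T10:02:12Z src_ip=192.0.2.44 msg="authentication failed"
2016-08-20T10:02:15Z src_ip=192.0.2.44 msg="login successful"
2016-08-20T10:05:00Z src_ip=198.51.100.7 msg="login successful"
2016-08-20T10:06:00Z src_ip=10.20.0.16 msg="authentication failed"
2016-08-20T10:06:30Z src_ip=10.20.0.16 msg="login successful"
"""

def analyze(log_text, allowed=ALLOWED_NETS, threshold=FAIL_THRESHOLD):
    """Map each source IP to the sorted list of indicators it triggered."""
    fails = defaultdict(int)      # consecutive failures per source
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not an authentication event
        ip, msg = m.group("ip"), m.group("msg")
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue              # malformed source field
        if not any(addr in net for net in allowed):
            findings[ip].add("unauthorized_segment")
        if msg == "authentication failed":
            fails[ip] += 1
            if fails[ip] >= threshold:
                findings[ip].add("repeated_failures")
        else:
            if fails[ip] > 0:
                findings[ip].add("success_after_failure")
            fails[ip] = 0         # a success ends the failure streak
    return {ip: sorted(tags) for ip, tags in findings.items()}
```

A login with a default credential succeeds on the first attempt, so 198.51.100.7 in the sample triggers only unauthorized_segment; rules that count failures alone would not flag it.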
