Product security update: Virtuozzo 7.0 Update 3 Hotfix 2 (7.0.3-640)¶
Issue date: 2017-03-17
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2017-018
The new package for Virtuozzo 7.0.3 introducing a security fix.
2. Security Fixes¶
[Moderate] Incorrect checking of locked VM accounts in Virtuozzo SDK allowed one to use any password to log in to a VM with such a locked account via a third-party program using Virtuozzo SDK that was launched on host. Other login methods, e.g., via SSH, were not affected. (PSBM-62160)