userchannel/passwdmgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.
[
{
"id": "CVE-2020-14156-848c889f",
"target": {
"file": "user_channel/passwd_mgr.cpp"
},
"signature_version": "v1",
"source": "https://github.com/openbmc/phosphor-host-ipmid/commit/b265455a2518ece7c004b43c144199ec980fc620",
"signature_type": "Line",
"digest": {
"line_hashes": [
"252991752679431044555234616444420233430",
"65904686594404160380191304806490240067",
"137063415457927835696535855043186268131",
"180387537637815624261826777414010078081"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2020-14156-c60e67a4",
"target": {
"function": "PasswdMgr::updatePasswdSpecialFile",
"file": "user_channel/passwd_mgr.cpp"
},
"signature_version": "v1",
"source": "https://github.com/openbmc/phosphor-host-ipmid/commit/b265455a2518ece7c004b43c144199ec980fc620",
"signature_type": "Function",
"digest": {
"function_hash": "43864797705569856490062654094805787069",
"length": 4876.0
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14156.json"
"2026-04-11T21:19:52Z"
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2020-04-03"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2020-04-03"
}
]
}
]