openshift-origin-broker is vulnerable to insecure defaults. The vulnerability exists as it was discovered that openshift-origin-broker configured several default user names and passwords for services if no user name or password was specified during installation. A remote attacker could use these default user names and passwords to access various parts of the OpenShift Enterprise installation with the privileges of an administrative user.
openwall.com/lists/oss-security/2014/06/05/19
www.securityfocus.com/bid/67657
access.redhat.com/errata/RHBA-2014:0487
access.redhat.com/security/cve/CVE-2014-0234
access.redhat.com/security/updates/classification/#important
access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/2/
bugzilla.redhat.com/show_bug.cgi?id=1065409
bugzilla.redhat.com/show_bug.cgi?id=1097008
github.com/openshift/openshift-extras/blob/master/README.md
rhn.redhat.com/errata/RHSA-2014-0487.html