Root password is sent to system journal in clear text when set
Assigned To: Lukas Zapletal
Target version: Image 3.2.0
Velocity based estimate: -
By default the root account is locked on discovered nodes; the user needs to enable the SSH service manually and enter a root password in the dialog. The password then makes it into the system journal in clear text.
This is being tracked as CVE-2016-4996, moderate impact.
Name: Thom Carlin (Red Hat)
#3 Updated by Lukas Zapletal almost 2 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset foreman-discovery-image|5ec8a51cf400b9a2112a0ba34942d06e5c5589b8.