Bug #15517

Root password is sent to system journal in clear text when set

Added by Lukas Zapletal about 1 year ago. Updated about 1 year ago.

Status:Closed
Priority:Normal
Assigned To:Lukas Zapletal
Category:Image
Target version:Image 3.2.0
Difficulty:trivial Pull request:https://github.com/theforeman/foreman-discovery-image/pull/77
Bugzilla link:1349138
Story points-
Velocity based estimate-

Description

By default root account is locked on discovered nodes, user needs to enable ssh service manually and enter root password in the dialog. Then it makes into the system journal in clear text.

This is being tracked as CVE-2016-4996, moderate impact.

Acknowledgments:

Name: Thom Carlin (Red Hat)

Associated revisions

Revision 5ec8a51c
Added by Lukas Zapletal about 1 year ago

Fixes #15517 - root password is not sent to journal (#77)

History

#1 Updated by Lukas Zapletal about 1 year ago

  • Bugzilla link set to 1349138

#2 Updated by The Foreman Bot about 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-discovery-image/pull/77 added

#3 Updated by Lukas Zapletal about 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF