Root password is sent to system journal in clear text when set
By default root account is locked on discovered nodes, user needs to enable ssh service manually and enter root password in the dialog. Then it makes into the system journal in clear text.
This is being tracked as CVE-2016-4996, moderate impact.
Name: Thom Carlin (Red Hat)
#3 Updated by Lukas Zapletal about 3 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset foreman-discovery-image|5ec8a51cf400b9a2112a0ba34942d06e5c5589b8.