Project

General

Profile

Actions
Copy link

Bug #15517

closed

Root password is sent to system journal in clear text when set

Added by Lukas Zapletal almost 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Image
Target version:
Discovery Image 3.2.0
Difficulty:
trivial
Triaged:
Bugzilla link:
1349138
Pull request:
https://github.com/theforeman/foreman-discovery-image/pull/77
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

By default root account is locked on discovered nodes, user needs to enable ssh service manually and enter root password in the dialog. Then it makes into the system journal in clear text.

This is being tracked as CVE-2016-4996, moderate impact.

Acknowledgments:

Name: Thom Carlin (Red Hat)

Actions
Copy link
 #1

Updated by Lukas Zapletal almost 8 years ago

  • Bugzilla link set to 1349138
Actions
Copy link
 #2

Updated by The Foreman Bot almost 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-discovery-image/pull/77 added
Actions
Copy link
 #3

Updated by Lukas Zapletal almost 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF