Bug #28112
closed Bug #29931: Root repository upstream password saved in clear text
yum repos password stored as cleartext in audits
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1630536
Description of problem:
When you set a password for a repo in "Upstream Password" field, it appears in cleartext in the audit logs.
Due to:
Bug 1630535 - admin password is added to yum repo config
the admin password can end up in the audit logs.
Version-Release number of selected component (if applicable):
~]# rpm -q satellite
satellite-6.4.0-14.el7sat.noarch
How reproducible:
Steps to Reproduce:
1. Products > Repositories
2. Create a custom product with a yum repository.
3. Add a password to "Upstream Password"
4. Check the audit logs
Actual results:
Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264
Upstream password changed from [empty] to changeme
Checksum type changed from sha256 to sha1
Expected results:
Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264
Upstream password changed from [empty] to [redacted]
Checksum type changed from sha256 to sha1
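The difference between the actual and expected audit lines above, as an added Ruby example that is not part of the original report and is not Katello's or Foreman's code. The attribute list, function names and sample change set are assumptions made for illustration; the point shown is masking the value before the change set is recorded, so the cleartext never reaches the audit store.

```ruby
# Added illustration only: not code from Katello, Foreman or any audit gem.
# Attribute names treated as secret (assumed list for this sketch).
SENSITIVE_ATTRIBUTES = %w[upstream_password].freeze
REDACTED = '[redacted]'
EMPTY = '[empty]'

# Hide the value but keep "set / not set" visible to the auditor.
def mask(value)
  value.nil? || value.to_s.empty? ? nil : REDACTED
end

# `changes` maps attribute name => [old_value, new_value].
# Returns a copy that is safe to persist: sensitive values are masked
# here, before storage, rather than only when the audit is displayed.
def redact_changes(changes, sensitive = SENSITIVE_ATTRIBUTES)
  changes.each_with_object({}) do |(attr, (old, new)), out|
    name = attr.to_s
    out[name] = sensitive.include?(name) ? [mask(old), mask(new)] : [old, new]
  end
end

def display(value)
  value.nil? || value.to_s.empty? ? EMPTY : value.to_s
end

def humanize(attr)
  attr.tr('_', ' ').capitalize
end

# Render audit lines in the style quoted in the report.
def audit_lines(changes)
  redact_changes(changes).map do |attr, (old, new)|
    "#{humanize(attr)} changed from #{display(old)} to #{display(new)}"
  end
end

# Constructed sample mirroring the change described in the report.
SAMPLE_CHANGES = {
  'upstream_password' => [nil, 'changeme'],
  'checksum_type' => %w[sha256 sha1]
}.freeze

puts audit_lines(SAMPLE_CHANGES) if __FILE__ == $PROGRAM_NAME
```

A password rotated from one non-empty value to another renders as a change from [redacted] to [redacted], which still records that the event happened.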
Updated by James Jeffers about 5 years ago
- Target version set to Katello Backlog
- Triaged changed from No to Yes
Updated by The Foreman Bot over 4 years ago
- Status changed from New to Ready For Testing
- Target version deleted (Katello Backlog)
- Pull request https://github.com/Katello/katello/pull/8726 added
Updated by Justin Sherrill over 4 years ago
- Subject changed from yum repos password stored as cleartext to yum repos password stored as cleartext in audits
Updated by Bryan Kearney over 4 years ago
- Status changed from Ready For Testing to Duplicate
- Parent task set to #29931