Bug #28112

closed

Bug #29931: Root repository upstream password saved in clear text

yum repos password stored as cleartext in audits

Added by Kavita Gaikwad about 5 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Repositories
Target version: -
Difficulty:
Triaged: Yes
Fixed in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1630536

Description of problem:

When you set a password for a repo in the "Upstream Password" field, it appears in cleartext in the audit logs.

Due to:

Bug 1630535 - admin password is added to yum repo config

the admin password can end up in the audit logs.

Version-Release number of selected component (if applicable):

~]# rpm -q satellite
satellite-6.4.0-14.el7sat.noarch

How reproducible:

Steps to Reproduce:
1. Products > Repositories
2. Create a custom product with a yum repository.
3. Add a password to "Upstream Password"
4. Check the audit logs

Actual results:

Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264

Upstream password changed from [empty] to changeme
Checksum type changed from sha256 to sha1

Expected results:

Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264

Upstream password changed from [empty] to [redacted]
Checksum type changed from sha256 to sha1
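
The expected result above, as an added example that is not Katello's code and not the fix from the linked pull request: secret attributes are masked in the change-set before it is stored, and the audit lines are rendered from the masked copy. The `upstream_password` key, the `{attribute => [old, new]}` layout and all function names are assumptions made for illustration.

```ruby
# Added example, not Katello code. The attribute key and the change-set
# layout ({attribute => [old, new]}) are assumptions modelled on the audit
# lines in this report.
SENSITIVE_ATTRIBUTES = %w[upstream_password].freeze # assumed key name
REDACTED = '[redacted]'
EMPTY = '[empty]'

def empty_value?(value)
  value.nil? || value.to_s.empty?
end

# Mask a secret but keep "empty" visible, so the audit still shows whether
# a password was set, changed or cleared.
def redact_value(value)
  empty_value?(value) ? value : REDACTED
end

# Run this before the change-set is persisted: masking only at display
# time would leave the cleartext in the stored audit record.
def redact_changes(changes, sensitive = SENSITIVE_ATTRIBUTES)
  changes.each_with_object({}) do |(attr, values), out|
    out[attr] =
      if !sensitive.include?(attr.to_s)
        values
      elsif values.is_a?(Array) # update: [old, new]
        values.map { |v| redact_value(v) }
      else # create: a single value
        redact_value(values)
      end
  end
end

def shown(value)
  empty_value?(value) ? EMPTY : value.to_s
end

# Render the redacted change-set in the style of the audit lines above.
def audit_lines(changes)
  redact_changes(changes).map do |attr, values|
    before, after = values.is_a?(Array) ? values : [nil, values]
    label = attr.to_s.tr('_', ' ').capitalize
    "#{label} changed from #{shown(before)} to #{shown(after)}"
  end
end

# Constructed sample matching the change reported in this bug.
SAMPLE = { 'upstream_password' => [nil, 'changeme'],
           'checksum_type' => %w[sha256 sha1] }.freeze
puts audit_lines(SAMPLE)
```
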

#1

Updated by James Jeffers about 5 years ago

  • Target version set to Katello Backlog
  • Triaged changed from No to Yes

#2

Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Target version deleted (Katello Backlog)
  • Pull request https://github.com/Katello/katello/pull/8726 added

#3

Updated by Justin Sherrill over 4 years ago

  • Subject changed from yum repos password stored as cleartext to yum repos password stored as cleartext in audits

#4

Updated by Bryan Kearney over 4 years ago

  • Status changed from Ready For Testing to Duplicate
  • Parent task set to #29931

#5

Updated by Bryan Kearney over 4 years ago

  • Status changed from Duplicate to Closed

Dupe of 29931
