Project

General

Profile

Actions
Copy link

Bug #28112

closed

Bug #29931: Root repository upstream password saved in clear text

yum repos password stored as cleartext in audits

Added by Kavita Gaikwad about 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Repositories
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
1630536
Pull request:
https://github.com/Katello/katello/pull/8726
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1630536

Description of problem:

When you set a password for a repo in "Upstream Password" field, it appears in cleartext in the audit logs.

Due to:

Bug 1630535 - admin password is added to yum repo config

the admin password can end up in the audit logs.

Version-Release number of selected component (if applicable):

~]# rpm -q satellite
satellite-6.4.0-14.el7sat.noarch

How reproducible:

Steps to Reproduce:
1. Products > Repositories
2. Create a custom product with a yum repository.
3. Add a password to "Upstream Password"
4. Check the audit logs

Actual results:

Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264

Upstream password changed from [empty] to changeme
    Checksum type changed from sha256 to sha1

Expected results:

Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264

Upstream password changed from [empty] to [redacted]
    Checksum type changed from sha256 to sha1
Actions
Copy link

Also available in: Atom PDF