Bug #28112: yum repos password stored as cleartext in audits - Katello - Foreman

Actions

Copy link

Bug #28112

closed

Bug #29931: Root repository upstream password saved in clear text

yum repos password stored as cleartext in audits

Added by Kavita Gaikwad almost 5 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Repositories

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

1630536

Pull request:

https://github.com/Katello/katello/pull/8726

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1630536

Description of problem:

When you set a password for a repo in "Upstream Password" field, it appears in cleartext in the audit logs.

Due to:

Bug 1630535 - admin password is added to yum repo config

the admin password can end up in the audit logs.

Version-Release number of selected component (if applicable):

~]# rpm -q satellite
satellite-6.4.0-14.el7sat.noarch

How reproducible:

Steps to Reproduce:
1. Products > Repositories
2. Create a custom product with a yum repository.
3. Add a password to "Upstream Password"
4. Check the audit logs

Actual results:

Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264

Upstream password changed from [empty] to changeme
    Checksum type changed from sha256 to sha1

Expected results:

Admin (10.40.205.48) updated Katello/Repository: Test BZ1625264

Upstream password changed from [empty] to [redacted]
    Checksum type changed from sha256 to sha1

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Plugins » Katello

Custom queries

Bug #28112

yum repos password stored as cleartext in audits

Updated by James Jeffers almost 5 years ago

Updated by The Foreman Bot over 4 years ago

Updated by Justin Sherrill over 4 years ago

Updated by Bryan Kearney about 4 years ago

Updated by Bryan Kearney about 4 years ago