Remove YAML host permissions from basic users,
A default user with no permissions granted, can view a host and click the 'yaml' option, which will output a rootpw hash. This is not ideal and with the appropriate rainbow tables or similar toolkit could lead to a compromise.
- Related to Bug #2069: (encrypted) root passwords are world readable added
- Category changed from Web Interface to Authorization
I think we could improve on this with a dedicated permission for access to password hashes, so they're not readable to other users from either the YAML output or the APIs.
- Related to Bug #5878: Reports - view_reports role gives view_hosts role added
- Bugzilla link set to 1437789
Also available in: Atom