Bug 1651426

Summary: v2v - OSP admin password exposed in virt-v2v-wrapper logs
Product: Red Hat Enterprise Virtualization Manager Reporter: Brett Thurber <bthurber>
Component: libguestfsAssignee: Tomáš Golembiovský <tgolembi>
Status: CLOSED CURRENTRELEASE QA Contact: Yadnyawalk Tale <ytale>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.2.7CC: kkulkarn, mtessun, sgoodman, smallamp, tgolembi, ytale
Target Milestone: ovirt-4.3.0   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: v2v
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously when converting to OpenStack, failed conversions revealed passwords for accessing OpenStack in the wrapper log. This issue has been fixed and passwords are no longer revealed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-15 18:01:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1664310    
Bug Blocks:    

Description Brett Thurber 2018-11-20 03:35:55 UTC 
Description of problem:
When migrating from VMware to OSP using the IMS tooling and virt-v2v-wrapper from this package:  ovirt-ansible-v2v-conversion-host-1.7.0-2.el7ev.noarch.rpm the OSP admin password is exposed in clear text.  It is also present in the virt-v2v.log


Version-Release number of selected component (if applicable):
ovirt-ansible-v2v-conversion-host-1.7.0-2.el7ev.noarch.rpm


How reproducible:
Everytime

Steps to Reproduce:
1.  Using IMS tooling, initiate a VM migration from VMware to OSP
2.
3.

Actual results:
Admin password exposed

Expected results:
Admin password hashed

Additional info:
Comment 3 Yadnyawalk Tale 2018-12-27 11:27:24 UTC 
Still reproducible with conversion appliance https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=815918.
Tested with 5.10.0.30.20181218191323_900a416.
Comment 10 Tomáš Golembiovský 2019-01-08 12:16:58 UTC 
*** Bug 1650244 has been marked as a duplicate of this bug. ***