Bug 1719327
| Summary: | Passwords saved in clear-text variable files during HE deployment via cockpit-ovirt | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Ido Rosenzwig <irosenzw> |
| Component: | cockpit-ovirt | Assignee: | Ido Rosenzwig <irosenzw> |
| Status: | CLOSED ERRATA | QA Contact: | Wei Wang <weiwang> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 4.3.4 | CC: | bugs, cshao, dfediuck, didi, dmoppert, emarcus, huzhao, lsvaty, mavital, nlevy, qiyuan, rbarry, sbonazzo, weiwang, yaniwang, yturgema |
| Target Milestone: | ovirt-4.3.5 | Keywords: | Rebase, Regression, Security, ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | cockpit-ovirt-0.13.2 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: Passwords were saved in a clear-text file during the deployment process. At the end of the deployment the file was erased.
Consequence: Passwords were readable for some amount of time.
Fix: Passwords removed from the file.
Result: The passwords aren't readable during the deployment.
|
Story Points: | --- |
| Clone Of: | 1703678 | Environment: | |
| Last Closed: | 2019-08-12 11:53:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1703678 | ||
| Bug Blocks: | |||
|
Comment 11
Sandro Bonazzola
2019-06-14 09:54:10 UTC
QE will verify it until getting new build.

Test Version
RHVH-4.3-20190620.7-RHVH-x86_64-dvd1.iso
cockpit-system-195-1.el7.noarch
cockpit-195-1.el7.x86_64
cockpit-bridge-195-1.el7.x86_64
cockpit-ws-195-1.el7.x86_64
cockpit-machines-ovirt-195-1.el7.noarch
cockpit-dashboard-195-1.el7.x86_64
cockpit-storaged-195-1.el7.noarch
cockpit-ovirt-dashboard-0.13.2-2.el7ev.noarch

Test Steps:
According to comment 0

Result:
Application password and admin password are not in clear-text.

```
[root@dell-perxxx-xx ~]# cat /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileHThRJZ.var
he_local_vm_dir_path: /var/tmp
he_local_vm_dir_prefix: localvm
he_filtered_tokens_vars: ['ADMIN_PASSWORD','APPLIANCE_PASSWORD','ISCSI_PASSWORD','ISCSI_DISCOVER_PASSWORD','ROOTPWD','he_appliance_password','he_admin_password','he_iscsi_password','he_iscsi_discover_password','ansible_ssh_pass']
he_filtered_tokens_re: ['BEGIN PRIVATE KEY(?P<filter>.*)END PRIVATE KEY']
he_enable_hc_gluster_service: false
he_bridge_if: em1
he_bridge: ovirtmgmt
he_fqdn: rhevh-hostedengine-vm-xx.lab.eng.pek2.redhat.com
he_host_address: dell-perxxx-xx.lab.eng.pek2.redhat.com
he_vcpus: 4
he_maxvcpus: 24
he_cpu_sockets: 1
he_emulated_machine: null
he_vm_uuid: 169bf9f7-a3c5-468d-90ac-f6631fa0e7e7
he_vm_mac_addr: "52:54:00:34:04:b0"
he_mem_size_MB: 16384
he_vm_ip_addr: null
he_vm_ip_prefix: null
he_time_zone: Asia/Shanghai
he_appliance_ova: null
he_cloud_init_host_name: rhevh-hostedengine-vm-xx
he_cloud_init_domain_name: lab.eng.pek2.redhat.com
he_root_ssh_pubkey: null
he_root_ssh_access: "yes"
he_vm_etc_hosts: true
he_apply_openscap_profile: false
he_cdrom_uuid: null
he_cdrom: null
he_nic_uuid: null
he_console_uuid: null
he_video_device: vga
he_graphics_device: vnc
he_vm_name: HostedEngine
he_enable_libgfapi: null
he_host_name: dell-perxxx-xx.lab.eng.pek2.redhat.com
he_console_type: vnc
he_cpu_type: model_Conroe
```

QE cannot reproduce this bug, verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:2433 |
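
The manual `cat` check from the verification comment can be scripted. The following is an added example, not code from this bug report or from cockpit-ovirt. The sensitive variable names are taken from the `he_filtered_tokens_vars` list shown above; the `ansibleVarFile*.var` glob pattern and both sample files are constructed assumptions.

```python
import glob
import re

# Variable names copied from the he_filtered_tokens_vars list in the comment above.
SENSITIVE_KEYS = {
    "ADMIN_PASSWORD", "APPLIANCE_PASSWORD", "ISCSI_PASSWORD",
    "ISCSI_DISCOVER_PASSWORD", "ROOTPWD", "he_appliance_password",
    "he_admin_password", "he_iscsi_password", "he_iscsi_discover_password",
    "ansible_ssh_pass",
}
EMPTY_VALUES = {"", "null", "~", '""', "''"}  # treated as "no secret stored"
LINE_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*?)\s*$")
VAR_DIR = "/var/lib/ovirt-hosted-engine-setup/cockpit"  # directory shown on the page

# Constructed sample in the shape of the verified (fixed) file, abbreviated.
FIXED_SAMPLE = """\
he_filtered_tokens_vars: ['ADMIN_PASSWORD','he_admin_password','ansible_ssh_pass']
he_bridge: ovirtmgmt
he_vm_ip_addr: null
"""
# Constructed sample of a file that still carries secrets; that affected
# versions used exactly these keys is an assumption. Values are placeholders.
LEAKY_SAMPLE = """\
he_bridge: ovirtmgmt
he_admin_password: "constructed-placeholder-1"
he_appliance_password: constructed-placeholder-2
he_iscsi_password: null
"""

def find_cleartext_secrets(text):
    """Return [(line_no, key)]; values are never reported, so the report cannot leak."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = LINE_RE.match(line)
        key, value = match.groups() if match else ("", "")
        if key in SENSITIVE_KEYS and value not in EMPTY_VALUES:
            findings.append((line_no, key))
    return findings

def scan_directory(directory=VAR_DIR, pattern="ansibleVarFile*.var"):
    """Scan each variable file in `directory`; the glob pattern is an assumption."""
    report = {}
    for path in sorted(glob.glob(f"{directory}/{pattern}")):
        with open(path, encoding="utf-8", errors="replace") as handle:
            report[path] = find_cleartext_secrets(handle.read())
    return {path: hits for path, hits in report.items() if hits}

if __name__ == "__main__":
    print(scan_directory() or "no clear-text secrets found")
```

The `he_filtered_tokens_vars` line is not flagged even though it lists the password variable names, because only keys that themselves hold a non-empty value are reported.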