Bug 2233183
| Summary: | red hat "rhel system role" ad_integration leaks credentials when in check_mode | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Rich Megginson <rmeggins> |
| Component: | rhel-system-roles | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED ERRATA | QA Contact: | CS System Management SST QE <rhel-cs-system-management-subsystem-qe> |
| Severity: | medium | Docs Contact: | David Voženílek <dvozenil> |
| Priority: | unspecified | ||
| Version: | 8.9 | CC: | djez, jharuda, jpetrini, jstephen, jvavra, lmanasko, pkettman, security-response-team, spetrosi, vdanek |
| Target Milestone: | rc | Keywords: | Security, Triaged |
| Target Release: | 8.9 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | role:ad_integration | ||
| Fixed In Version: | rhel-system-roles-1.22.0-1.el8 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: The code was constructing the realm join command to be passed
via the shell module, including piping the password into the command,
and was showing the command, including the password, when using
check mode.
Consequence: The clear text password was available in the logs when
using check mode.
Fix: Use command with stdin for the password instead of shell. The
password is not part of the command. command with stdin is more
secure than using shell.
Result: The password is not logged. The role is more secure.
|
Story Points: | --- |
| Clone Of: | 2232758 | Environment: | |
| Last Closed: | 2023-11-14 15:31:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2232758 | ||
| Bug Blocks: | |||
|
Comment 6
errata-xmlrpc
2023-11-14 15:31:43 UTC
|