Bug 1014456 - RTGov authentication config uses open-text passwords
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Configuration
6.0.0 GA
Unspecified Unspecified
unspecified Severity high
: ER7
: 6.0.0
Assigned To: Julian Coleman
Jiri Pechanec
: Reopened
Reported: 2013-10-02 01:53 EDT by Jiri Pechanec
Modified: 2014-02-06 10:25 EST
Doc Type: Bug Fix
Doc Text:
The RTGov authentication stores passwords in clear text. The passwords should be encrypted or hashed. The defaults present a security risk to users.
Last Closed: 2014-02-06 10:25:39 EST
Type: Bug
Description Jiri Pechanec 2013-10-02 01:53:18 EDT
The RTGov authentication based on property files stores passwords in open-text. The passwords should be encrypted/hashed.

overlord-idp-users.properties
#eric=eric
admin=JBoss.123

overlord-rtgov.properties for rtgc-only
RESTActivityServer.serverUsername=admin
RESTActivityServer.serverPassword=JBoss.123
Comment 1 Jiri Pechanec 2013-12-13 00:50:07 EST
overlord-idp-users.properties - remove ok
overlord-rtgov.properties - still contains opentext credentials
Comment 2 Len DiMaggio 2014-01-21 21:20:01 EST
Seeing this in CR1 - with an RTGov client only install:

grep -i password ./standalone/configuration/overlord-rtgov.properties

RESTActivityServer.serverPassword=${vault:VAULT::rtgov::serverPassword::1}
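
An added example, not part of the bug report or the product's code: a check that flags literal credentials in the two property files named above and accepts the vault-reference form quoted in Comment 2. The function names, the key-name pattern and the users_file switch are assumptions of this example, and only the key=value separator is handled.

```python
import re

# A value that is entirely a vault reference, in the form quoted in Comment 2.
VAULT_REF = re.compile(r"^\$\{vault:[^}]+\}$", re.IGNORECASE)
# Key names treated as secrets (assumption of this example).
SECRET_KEY = re.compile(r"password|passwd|secret", re.IGNORECASE)

# Sample inputs assembled from the lines quoted in this report.
IDP_USERS = "#eric=eric\nadmin=JBoss.123\n"
RTGOV_BEFORE = ("RESTActivityServer.serverUsername=admin\n"
                "RESTActivityServer.serverPassword=JBoss.123\n")
RTGOV_AFTER = ("RESTActivityServer.serverUsername=admin\n"
               "RESTActivityServer.serverPassword="
               "${vault:VAULT::rtgov::serverPassword::1}\n")


def parse_properties(text):
    """Yield (line_no, key, value) for each uncommented key=value entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties comment
        key, sep, value = line.partition("=")
        if sep:
            yield line_no, key.strip(), value.strip()


def find_cleartext(text, users_file=False):
    """Return [(line_no, key)] for entries holding a literal credential.

    users_file=True treats every entry as user=password, as in
    overlord-idp-users.properties, where the key is the account name.
    Values are never returned, so findings are safe to log.
    """
    findings = []
    for line_no, key, value in parse_properties(text):
        is_secret = users_file or SECRET_KEY.search(key)
        if is_secret and value and not VAULT_REF.match(value):
            findings.append((line_no, key))
    return findings


if __name__ == "__main__":
    print("idp users:", find_cleartext(IDP_USERS, users_file=True))
    print("rtgov before:", find_cleartext(RTGOV_BEFORE))
    print("rtgov after:", find_cleartext(RTGOV_AFTER))
```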
