Dominic Cleal of Red Hat reports: The kafo_configure puppet module creates /tmp/default_values.yaml world readable and without checking for it's existance. This creates a race-condition that would allow a local attacker to control the contents of the file which stores default values for all parameters (such as auto-generated passwords). References: http://projects.theforeman.org/issues/4648