Bug 1103976 - rhevm-engine-setup: weak default passwords for PostgreSQL database users
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-setup
Version: 3.3.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 3.5.0
Assignee: Sandro Bonazzola
QA Contact: Pavel Stehlik
URL:
Whiteboard: integration
Depends On: 1097022
Blocks: 1097023 1111084 1111277 rhev3.5beta 1156165
Reported: 2014-06-03 03:50 UTC by David Jorm
Modified: 2015-02-11 18:03 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, setting up a PostgreSQL database with the engine-setup command generated weak passwords for PostgreSQL users. Since the PostgreSQL database is accessible remotely with a default Red Hat Enterprise Virtualization Manager installation, this was a security issue. With this update, stronger random passwords were generated and the password length has been extended to 22 characters.
Clone Of: 1097022
Clones: 1111084
Environment:
Last Closed: 2015-02-11 18:03:07 UTC
oVirt Team: ---
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1111093 | 0 | high | CLOSED | [Docs][Change][async]Update hardening guide with postgres hints | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHSA-2015:0158 | 0 | normal | SHIPPED_LIVE | Important: Red Hat Enterprise Virtualization Manager 3.5.0 | 2015-02-11 22:38:50 UTC
oVirt gerrit | 27615 | 0 | None | None | None | Never
oVirt gerrit | 27633 | 0 | None | None | None | Never
oVirt gerrit | 27635 | 0 | None | None | None | Never

Internal Links: 1111093

Comment 3 Sandro Bonazzola 2014-06-19 08:37:30 UTC
already in ovirt-3.5.0-alpha2

Comment 4 Petr Beňas 2014-06-19 08:50:07 UTC
[root@pb-rh34 ~]# grep PASS /etc/ovirt-engine/engine.conf.d/10-setup-database.conf | cut -d '=' -f 2 | wc -c
9
[root@pb-rh34 ~]# rpm -qa rhevm
rhevm-3.4.0-0.22.el6ev.noarch


[root@pb-rh35 ~]# grep PASS /etc/ovirt-engine/engine.conf.d/10-setup-database.conf | cut -d '=' -f 2 | wc -c
25
[root@pb-rh35 ~]# rpm -qa ovirt-engine
ovirt-engine-3.5.0-0.0.master.20140612090854.el6.noarch
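
Added example, not part of Comment 4 or of the oVirt code: `wc -c` counts the trailing newline and any quote characters around the value, and `cut -d '=' -f 2` stops at a second `=`, so this sketch reports the actual length of each PASS value without printing the secret. The function names and the sample file contents are constructed for illustration; the 22-character threshold comes from the Doc Text.

```shell
#!/bin/sh
# pw_lengths FILE: print "KEY LENGTH" for every KEY=VALUE line whose key
# contains PASS. The secret itself is never printed.
pw_lengths() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            i = index($0, "=")                   # split on the FIRST "=" only
            if (i == 0) next
            key = substr($0, 1, i - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key !~ /PASS/) next
            val = substr($0, i + 1)
            sub(/\r$/, "", val)                  # tolerate CRLF files
            # drop one pair of surrounding double quotes, if present
            if (val ~ /^".*"$/) val = substr(val, 2, length(val) - 2)
            print key, length(val)
        }
    ' "$1"
}

# check_pw_lengths FILE MIN: succeed only if at least one PASS value was
# found and every one of them has MIN characters or more.
check_pw_lengths() {
    pw_lengths "$1" | awk -v min="$2" '
        { seen = 1 }
        $2 < min { print "WEAK: " $1 " (" $2 " chars)"; bad = 1 }
        END { if (bad || !seen) exit 1 }
    '
}

# Constructed sample input (not taken from the bug report).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
ENGINE_DB_USER="engine"
ENGINE_DB_PASSWORD="Zq3vT8mK1xR7bN5cW2yH9d"
EOF
pw_lengths "$demo_conf"
check_pw_lengths "$demo_conf" 22 && echo "OK: all PASS values >= 22 chars"
rm -f "$demo_conf"
```

On a host, the file to pass is the one used in Comment 4, `/etc/ovirt-engine/engine.conf.d/10-setup-database.conf`.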

Comment 8 errata-xmlrpc 2015-02-11 18:03:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html

