It is reported that cfme contains a default salt value: lib/util/miq-password.rb def initialize(str=nil, enc_alg=nil, key=nil, iv=nil) @enc_alg = enc_alg || @@enc_alg || "AES-128-CBC" @key = key || @@key || "1234567890123456" @iv = iv || @@iv || "6543210987654321" @encStr = nil This negates the value of having a salt function with respect to password storage.
This issue has been addressed in following products: CloudForms Management Engine 5.x Via RHSA-2014:0816 https://rhn.redhat.com/errata/RHSA-2014-0816.html