1111084 – rhevm-engine-setup: weak default passwords for PostgreSQL database users

Bug 1111084 - rhevm-engine-setup: weak default passwords for PostgreSQL database users

Summary: rhevm-engine-setup: weak default passwords for PostgreSQL database users

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-setup
Sub Component:
Version:	3.3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.4.1
Assignee:	Sandro Bonazzola
QA Contact:	Petr Beňas
Docs Contact:
URL:
Whiteboard:	integration
Depends On:	1103976
Blocks:	1111277
TreeView+	depends on / blocked

Reported:	2014-06-19 08:28 UTC by rhev-integ
Modified:	2014-07-29 16:24 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, automatically setting up a PostgreSQL database with engine-setup generated weak passwords for the PostgreSQL users. Since the PostgreSQL database is accessible remotely with a default Red Hat Enterprise Virtualization Manager installation, this was a security issue. Now a patch has been added that creates stronger random passwords and the length has been extended to 22 characters.
Clone Of:	1103976
Clones:	1111277 (view as bug list)
Environment:
Last Closed:	2014-07-29 16:24:24 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:0960	normal	SHIPPED_LIVE	Red Hat Enterprise Virtualization Manager 3.4.1	2014-07-29 20:23:10 UTC
oVirt gerrit	27615	None	None	None	Never
oVirt gerrit	27633	None	None	None	Never
oVirt gerrit	27635	None	None	None	Never

Comment 4 Petr Beňas 2014-06-26 14:51:35 UTC

[root@localhost ~]#  grep PASS /etc/ovirt-engine/engine.conf.d/10-setup-database.conf | cut -d '=' -f 2 | wc -c
25
[root@localhost ~]# rpm -qa rhevm-setup
rhevm-setup-3.4.1-0.23.el6ev.noarch

Comment 6 errata-xmlrpc 2014-07-29 16:24:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0960.html

Note You need to log in before you can comment on or make changes to this bug.