1111277 – rhevm-engine-setup: weak default passwords for PostgreSQL database users

Bug 1111277 - rhevm-engine-setup: weak default passwords for PostgreSQL database users

Summary: rhevm-engine-setup: weak default passwords for PostgreSQL database users

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-setup
Sub Component:
Version:	3.3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.3.4
Assignee:	Sandro Bonazzola
QA Contact:	Petr Beňas
Docs Contact:
URL:
Whiteboard:	integration
Depends On:	1103976 1111084
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-19 15:33 UTC by Chris Pelland
Modified:	2014-07-09 11:52 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, automatically setting up a PostgreSQL database with engine-setup generated weak passwords for the PostgreSQL users. Since the PostgreSQL database is accessible remotely with a default Red Hat Enterprise Virtualization Manager installation, this was a security issue. Now a patch has been added that creates stronger random passwords and the length has been extended to 22 characters.
Clone Of:	1111084
Environment:
Last Closed:	2014-07-09 11:52:25 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:0863	normal	SHIPPED_LIVE	rhevm 3.3.4 bug fix update	2014-07-09 15:51:43 UTC
oVirt gerrit	27615	None	None	None	Never
oVirt gerrit	27633	None	None	None	Never
oVirt gerrit	27635	None	None	None	Never

Comment 2 Petr Beňas 2014-06-26 15:45:40 UTC

[root@localhost ~]#  grep PASS /etc/ovirt-engine/engine.conf.d/10-setup-database.conf | cut -d '=' -f 2 | wc -c
25
[root@localhost ~]# rpm -qa rhevm-setup
rhevm-setup-3.3.4-0.53.el6ev.noarch

Comment 4 errata-xmlrpc 2014-07-09 11:52:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0863.html

Note You need to log in before you can comment on or make changes to this bug.