Carsten Clasohm of Red Hat reports: During registration of a CloudForms appliance with Red Hat Subscription Management, using the appliance Web UI the RHN subscription information is logged into the log file: /var/www/miq/vmdb/log/top_output.log: 2620 2165 root 21 1 292m 22m 7712 S 0.6 0.6 0:00.36 /usr/bin/python -S /usr/sbin/subscription-manager orgs --username=RHN_USERNAME --password=RHN_PASSWORD --serverurl=subscription.rhn.redhat.com Please note that the file /var/www/miq/vmdb/log/top_output.log is world readable by default.
Acknowledgement: This issue was discovered by Carsten Clasohm of Red Hat.
Statement: This issue affects Red Hat Cloud Forms 5. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Please note that a fix for this issue may also be documented in the CFME hardening guide.