1162781 – remove password leak from ovirt-engine setup answer file

Bug 1162781 - remove password leak from ovirt-engine setup answer file

Summary: remove password leak from ovirt-engine setup answer file

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-log-collector
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.5.0
Assignee:	Sandro Bonazzola
QA Contact:	Pavel Stehlik
Docs Contact:
URL:
Whiteboard:	integration
Depends On:
Blocks:	1162788
TreeView+	depends on / blocked

Reported:	2014-11-11 17:03 UTC by Dave Sullivan
Modified:	2019-04-24 07:47 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Prior to this update, the ovirt plug-in for the sos utility did not properly obfuscate the passwords in the ovirt-engine setup answer file, and the passwords were thus collected in plain text format. With this update, the passwords are now obfuscated as intended, and no longer collected.
Clone Of:
Clones:	1162788 (view as bug list)
Environment:
Last Closed:	2015-02-11 17:46:31 UTC
oVirt Team:	Integration
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0193	normal	SHIPPED_LIVE	rhevm-log-collector bug fix and enhancement update	2015-02-11 22:35:42 UTC
oVirt gerrit	35172	master	MERGED	remove password leak from ovirt-engine setup answer file	Never
oVirt gerrit	35237	ovirt-log-collector-3.5	MERGED	remove password leak from ovirt-engine setup answer file	Never

Description Dave Sullivan 2014-11-11 17:03:35 UTC

Description of problem:


Initial passwords leaked here: <rhevm-host-sosreport-tarball>/var/lib/ovirt-engine/setup/answers/YYYYMMDDHHMMSS-setup.conf

Version-Release number of selected component (if applicable):

3.X

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

****** out passwords


Additional info:

Comment 2 Petr Beňas 2014-11-18 13:39:35 UTC

in rhevm-log-collector-3.5.0-3.el6ev.noarch

Comment 5 errata-xmlrpc 2015-02-11 17:46:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0193.html

Comment 6 Franta Kust 2019-04-23 14:27:42 UTC

No updates, just to allow sync with Jira.

Note You need to log in before you can comment on or make changes to this bug.