A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.
rhscon-ceph leaks the password in plain text via a command-line parameter.
An authenticated local user can view passwords in plain text with the ps -ef command.
This issue has been addressed in the following products:
Red Hat Storage Console 2 for Red Hat Enterprise Linux 7
Via RHSA-2016:2082 https://access.redhat.com/errata/RHSA-2016:2082
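A defensive check for the exposure described above, as an added example (not code from the advisory or from rhscon): it parses the NUL-separated argv that /proc/<pid>/cmdline exposes to local users, which is the same data ps -ef prints, and reports processes carrying a secret on the command line with the value redacted. The option-name pattern, the sample binary name and its flags are assumptions.

```python
import glob
import re

# Option names treated as secret-bearing: an assumed list, not taken from the advisory.
SECRET_OPT = re.compile(r"^(--?(?:\w+-)*(?:password|passwd|secret|token))(?:=(.*))?$", re.I)

def parse_cmdline(raw: bytes) -> list:
    """Split a /proc/<pid>/cmdline buffer (NUL-separated argv) into arguments."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":     # drop the empty piece after the final NUL
        parts.pop()
    return [p.decode("utf-8", "replace") for p in parts]

def redact(argv):
    """Return (redacted argv, names of options whose value was exposed)."""
    out, exposed, i = [], [], 0
    while i < len(argv):
        m = SECRET_OPT.match(argv[i])
        if m and m.group(2) is not None:       # form: --password=value
            out.append(m.group(1) + "=<redacted>")
            exposed.append(m.group(1))
        elif m and i + 1 < len(argv):          # form: --password value
            out += [argv[i], "<redacted>"]
            exposed.append(m.group(1))
            i += 1                             # skip the value just redacted
        else:
            out.append(argv[i])
        i += 1
    return out, exposed

def audit_proc():
    """Scan live processes; yield (pid, option names, redacted argv) per hit."""
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as fh:
                raw = fh.read()
        except OSError:        # process exited, or hidepid= blocks the read
            continue
        argv, exposed = redact(parse_cmdline(raw))
        if exposed:
            yield path.split("/")[2], exposed, argv

# Constructed sample; the binary name and flags are hypothetical.
SAMPLE = b"/usr/bin/example-provider\0--user\0admin\0--password\0Constructed-Pw1\0"

if __name__ == "__main__":
    print(redact(parse_cmdline(SAMPLE)))
    for pid, opts, argv in audit_proc():
        print(pid, ",".join(opts), " ".join(argv))
```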