It was discovered that with log level set to "DEBUG", ovirt-engine includes passwords in the log file without masking. Note that only administrators can change the log level, and only administrators can access logs. This presents a risk when debug-level logs are shared with vendors etc to troubleshoot issues. Upstream patch: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commitdiff;h=f4a5d0cc772127dbfe40789e26c4633ceea07d14;hp=e6e8704ac9eb115624ff66e2965877d8e63a45f4
Acknowledgments: Name: Jiri Belka (Red Hat)
This was addressed in ovirt-engine-4.1.7.6-0.1: https://access.redhat.com/errata/RHEA-2017:3138
Created ovirt-engine tracking bugs for this issue: Affects: fedora-all [bug 1513331]