Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1701942 - Sudo password should be hidden instead of plain text.
Summary: Sudo password should be hidden instead of plain text.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.4
Hardware: Unspecified
OS: Unspecified
high
high with 1 vote
Target Milestone: 6.7.0
Assignee: Adam Ruzicka
QA Contact: Roman Plevka
URL:
Whiteboard:
: 1710085 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-22 14:05 UTC by Vedashree Deshpande
Modified: 2023-09-07 19:56 UTC (History)
20 users (show)

Fixed In Version: foreman-1.24.1.8-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:24:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 27481 0 Normal Closed Secrets should be hidden 2021-02-09 05:05:44 UTC
Foreman Issue Tracker 29044 0 Normal Closed Settings should have their value hidden in API if they are encrypted 2021-02-09 05:05:44 UTC
Red Hat Product Errata RHSA-2020:1454 0 None None None 2020-04-14 13:24:22 UTC

Comment 5 Vedashree Deshpande 2019-04-24 15:16:23 UTC 
Hello Ivan, 

The password we enter on the Web UI under Administer-> Settings-> Remote Execution -> Sudo Password, is not encrypted. So, the request is to encrypt/add asterisk instead of plain text in the place of password.

I hope I am clear. Please correct me if this meant to be like this.
Comment 12 Bryan Kearney 2019-10-01 14:05:28 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27481 has been resolved.
Comment 13 Kenny Tordeurs 2019-10-30 15:02:00 UTC 
*** Bug 1710085 has been marked as a duplicate of this bug. ***
Comment 16 Roman Plevka 2020-01-29 14:23:55 UTC 
FAILED QA
satellite6.7.0 snap #10
the sudo password is still plaintext in the ui.
the sudo password is still plaintext in the hammer list command output
Comment 20 Adam Ruzicka 2020-02-24 08:45:45 UTC 
All the upstream issues are closed, moving to POST
Comment 22 Roman Plevka 2020-03-02 11:25:37 UTC 
VERIFIED
on sat6.7.0-14


The passwords are masked in the API,CLI,UI output.

# hammer settings list | grep sudo_password
remote_execution_sudo_password                         | Sudo password                                               | *****                                                                            | Sudo password         

The sudo password is not displayed in the task details
Comment 25 errata-xmlrpc 2020-04-14 13:24:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454
Note You need to log in before you can comment on or make changes to this bug.