Bug 1701942 - Sudo password should be hidden instead of plain text.
Summary: Sudo password should be hidden instead of plain text.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: 6.7.0
Assignee: Adam Ruzicka
QA Contact: Roman Plevka
URL:
Whiteboard:
: 1710085 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-22 14:05 UTC by Vedashree Deshpande
Modified: 2020-08-26 11:21 UTC (History)
20 users (show)

Fixed In Version: foreman-1.24.1.8-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:24:11 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 27481 Normal Closed Secrets should be hidden 2020-10-30 15:32:15 UTC
Foreman Issue Tracker 29044 Normal Closed Settings should have their value hidden in API if they are encrypted 2020-10-30 15:32:16 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:24:22 UTC

Comment 5 Vedashree Deshpande 2019-04-24 15:16:23 UTC
Hello Ivan, 

The password we enter on the Web UI under Administer-> Settings-> Remote Execution -> Sudo Password, is not encrypted. So, the request is to encrypt/add asterisk instead of plain text in the place of password.

I hope I am clear. Please correct me if this meant to be like this.

Comment 12 Bryan Kearney 2019-10-01 14:05:28 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27481 has been resolved.

Comment 13 Kenny Tordeurs 2019-10-30 15:02:00 UTC
*** Bug 1710085 has been marked as a duplicate of this bug. ***

Comment 16 Roman Plevka 2020-01-29 14:23:55 UTC
FAILED QA
satellite6.7.0 snap #10
the sudo password is still plaintext in the ui.
the sudo password is still plaintext in the hammer list command output

Comment 20 Adam Ruzicka 2020-02-24 08:45:45 UTC
All the upstream issues are closed, moving to POST

Comment 22 Roman Plevka 2020-03-02 11:25:37 UTC
VERIFIED
on sat6.7.0-14


The passwords are masked in the API,CLI,UI output.

# hammer settings list | grep sudo_password
remote_execution_sudo_password                         | Sudo password                                               | *****                                                                            | Sudo password         

The sudo password is not displayed in the task details

Comment 25 errata-xmlrpc 2020-04-14 13:24:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.