Ansible template caching generates identical values when consecutive facts are created from password lookup with same length. Values should be different to prevent generate same passwords for different fields which can be used for different services or configurations and avoid exposing all of them at once.
Upstream fix: https://github.com/ansible/ansible/pull/67429/
From Product Security perspective this vulnerability could expose a really wide set of services and configurations depending of end users usage. CVSS score could be from non-existing in case of not using more than one look up password to critical if all of them are generated, so depending of how many values are generated and where they are used. Later consequences after these values are leaked or guessed somehow could become critical. For this is reason we would consider a blocker any revert of the current solution even if this could affect performance, to avoid exposing end users in worst cases scenarios. Adverse behavioural changes or performance issues must be taken as bugs or enhancements separately.
Name: Rihards Olups
Fix included in the Ansible 2.9.6 release: https://access.redhat.com/errata/RHBA-2020:0784