Red Hat Bugzilla – Bug 872487
CVE-2012-4574 pulp /etc/pulp/pulp.conf world readable, contains default admin password
Last modified: 2014-05-28 02:09:22 EDT
During an audit of file permissions within CloudForms it was found that the
/etc/pulp/pulp.conf is world readable. This file can contain the following
# default_password: default password for admin
# Highly recommend changing the default_password with "pulp-admin user update"
This file should not be world readable, it should only be readable by the
user/group that pulp runs as.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
This issue has been addressed in following products:
CloudForms for RHEL 6
CloudForms Tools for RHEL 5
Via RHSA-2012:1543 https://rhn.redhat.com/errata/RHSA-2012-1543.html