It was found that sosreport's "anaconda" plugin collects /root/anaconda-ks.cfg, which contains the root password for the system, possibly crypt'd, possibly plain. sosreport should blank this password in a similar way to the ldap plugin's treatment of bindpw in /etc/ldap.conf
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0958 https://rhn.redhat.com/errata/RHSA-2012-0958.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1121 https://rhn.redhat.com/errata/RHSA-2013-1121.html
Statement: (none)