It was discovered that sensitive information could be disclosed through the world-readable file heketi.json containing private keys in heketi 5.x and previous. https://access.redhat.com/security/vulnerabilities/3246991
Acknowledgments: Name: Siddharth Sharma (Red Hat)
In reply to comment 0: Does this also mean that the passwords are not being stored properly (hashed, or at least encrypted) as well?
Created heketi tracking bugs for this issue: Affects: epel-all [bug 1527161] Affects: fedora-all [bug 1527160]
This issue has been addressed in the following products: Red Hat Gluster Storage 3.3 for RHEL 7 Via RHSA-2017:3481 https://access.redhat.com/errata/RHSA-2017:3481