EUVD-2019-2178

Malware in sbrugna...

cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment

A credential-protection flaw was found in cockpit-ovirt. During deployment, it generated an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contained both admin and appliance passwords as plain-text. Although these files are deleted at the end of th...

CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted...

CVE-2019-10139

CVE-2019-10139 affects cockpit-ovirt: during hosted engine deployment, cockpit-ovirt creates an ansibleVarFileXXXXXX.var containing admin and appliance passwords in plain text at /var/lib/ovirt-hosted-engine-setup/cockpit/. These files are deleted at the end of deployment, but during exposure the...

CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted...