CVE-2016-5432

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization RHEV Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files...

ovirt-engine: ovirt-engine-provisiondb logs contain DB username and password in plain text

It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the “—provisiondb” options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such...