rhscon-ceph is vulnerable to information disclosure attacks. The vulnerability exists as rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
access.redhat.com/errata/RHSA-2016:2082
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1342969
bugzilla.redhat.com/show_bug.cgi?id=1346379
bugzilla.redhat.com/show_bug.cgi?id=1358267
bugzilla.redhat.com/show_bug.cgi?id=1358270
bugzilla.redhat.com/show_bug.cgi?id=1358461
bugzilla.redhat.com/show_bug.cgi?id=1358832
bugzilla.redhat.com/show_bug.cgi?id=1359129
bugzilla.redhat.com/show_bug.cgi?id=1365983
bugzilla.redhat.com/show_bug.cgi?id=1365998
bugzilla.redhat.com/show_bug.cgi?id=1366048
bugzilla.redhat.com/show_bug.cgi?id=1366081
bugzilla.redhat.com/show_bug.cgi?id=1366242
bugzilla.redhat.com/show_bug.cgi?id=1366577
bugzilla.redhat.com/show_bug.cgi?id=1366620
bugzilla.redhat.com/show_bug.cgi?id=1371496
bugzilla.redhat.com/show_bug.cgi?id=1371848
bugzilla.redhat.com/show_bug.cgi?id=1372481
bugzilla.redhat.com/show_bug.cgi?id=1373919
bugzilla.redhat.com/show_bug.cgi?id=1375538
bugzilla.redhat.com/show_bug.cgi?id=1375972