[virt-tools-list] [virt-manager PATCH 2/2] unattended: Don't log user & admin passwords
Cole Robinson
crobinso at redhat.com
Wed Jul 3 18:29:06 UTC 2019
On 7/3/19 2:16 PM, Peter Crowther wrote:
> It's an information disclosure vulnerability - if I happen to use a
> password that matches something in the script, then a diligent reader of
> the log file can discern my password.
>
> Of course, I shouldn't be using that weak a password. But people do.
>
The pushed patch fixed this issue
Thanks,
Cole
More information about the virt-tools-list
mailing list