[virt-tools-list] [virt-manager PATCH 2/2] unattended: Don't log user & admin passwords

Cole Robinson crobinso at redhat.com
Wed Jul 3 18:29:06 UTC 2019


On 7/3/19 2:16 PM, Peter Crowther wrote:
> It's an information disclosure vulnerability - if I happen to use a
> password that matches something in the script, then a diligent reader of
> the log file can discern my password.
> 
> Of course, I shouldn't be using that weak a password. But people do. 
> 

The pushed patch fixed this issue

Thanks,
Cole




More information about the virt-tools-list mailing list