Bug #3060: Remove YAML host permissions from basic users, - Foreman

Actions

Copy link

Bug #3060

open

Remove YAML host permissions from basic users,

Added by Jim Perrin over 10 years ago. Updated about 7 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Users, Roles and Permissions

Target version:

Difficulty:

Triaged:

Bugzilla link:

1437789

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

A default user with no permissions granted, can view a host and click the 'yaml' option, which will output a rootpw hash. This is not ideal and with the appropriate rainbow tables or similar toolkit could lead to a compromise.

Related issues 2 (1 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

	Related to Foreman - Bug #2069: (encrypted) root passwords are world readable	Closed	Dominic Cleal	10/07/2009			Actions
	Related to Foreman - Bug #5878: Reports - view_reports role gives view_hosts role	New		05/22/2014			Actions

Project

General

Profile

Custom queries

Bug #3060

Remove YAML host permissions from basic users,

Updated by Dominic Cleal over 10 years ago

Updated by Dominic Cleal over 10 years ago

Updated by Dominic Cleal almost 10 years ago

Updated by Tomer Brisker about 7 years ago