During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cockpit-ovirt | Ovirt | - (including) | - (including) |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | cockpit-ovirt-0:0.13.5-1.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | imgbased-0:1.1.9-0.1.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-release-virtualization-host-0:4.3.5-2.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-virtualization-host-0:4.3.5-20190722.0.el7_7 | * |