Support Migration Notice: To update migrated JIRA cases click here to open a new case use www.vmware.com/go/sr | vFabric Hyperic 5.7.0 is Now Available

Hyperic HQ

HQ Server installer console/log shows admin user password text

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 4.x Sprint 25
  • Fix Version/s: 4.6, 4.x Sprint 27
  • Environment:
    Build 4.6.0.BUILD-20110707.100433-235
  • Case Links:
    none
  • Regression:
    No
  • Story Points:
    1

Description

The HQ Server installer console/log displays the admin user password text.

The installer console/log snippet is as follows:

Installation Complete:
Server successfully installed to: /home/ssbt/server-4.6.0.BUILD-SNAPSHOT-EE
--------------------------------------------------------------------------------

You can now start your HQ server by running this command:

/home/ssbt/server-4.6.0.BUILD-SNAPSHOT-EE/bin/hq-server.sh start

Note that the first time the HQ server starts up it may take several minutes
to initialize. Subsequent startups will be much faster.

Once the HQ server reports that it has successfully started, you can log in
to your HQ server at:

http://vmc-ssrc-rh103.eng.vmware.com:7080/
username: hqadmin
password: password

To change your password, log in to the HQ server, click the "Administration"
link, choose "List Users", then click on the "hqadmin" user.

Setup completed.

Activity

Hide
David Crutchfield added a comment -

This has always been the case. Maybe it's a good thing for the installing user to see what was entered during the install and the responsibility left with the user to deleted or store the file in a secure location. Thoughts?

Show
David Crutchfield added a comment - This has always been the case. Maybe it's a good thing for the installing user to see what was entered during the install and the responsibility left with the user to deleted or store the file in a secure location. Thoughts?
Hide
Annie Chen added a comment -

It's also shown in hq-install.log and hq-install.log.verbose

Show
Annie Chen added a comment - It's also shown in hq-install.log and hq-install.log.verbose
Hide
Annie Chen added a comment -

The issue is documented here https://wiki.springsource.com/display/hyperic/Securing+HQ
in section: "7. Critical Risk – Sensitive Information is Logged"

"Considering the log is in "installer" folder which will should be deleted and will not be used after server and agent installation. We do not plan to remove the sensitive information under installer folder. Please be noted to clean those logs or the entire installer folder, or keep it in a safe place after the installation."

Show
Annie Chen added a comment - The issue is documented here https://wiki.springsource.com/display/hyperic/Securing+HQ in section: "7. Critical Risk – Sensitive Information is Logged" "Considering the log is in "installer" folder which will should be deleted and will not be used after server and agent installation. We do not plan to remove the sensitive information under installer folder. Please be noted to clean those logs or the entire installer folder, or keep it in a safe place after the installation."

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Last comment:
    2 years, 40 weeks, 2 days ago