Enhanced Auditing installer lists passwords in plain text

book

Article ID: 100074600

calendar_today

Updated On:

Description

Error Message

None.

Cause

A component of the installation process did not handle sensitive data securely. This was remediated by updating the installation processing to encrypt/mask sensitive data during the installation.

Resolution

The issue was first discovered in CA 14.1.1 and DA 14.4.0, and may be present in other versions up to any fix version(s) listed below.

There are no plans to address this issue by way of a patch or hotfix in earlier versions of the software at the present time. However, the issue has been addressed in the revision of the product specified at the end of this article.

Please contact your Sales representative or the Sales group for upgrade information including upgrade eligibility to the release containing the resolution for this issue.

This issue is fixed in the following release(s), available in the Download Center at https://www.veritas.com/support:
- Enterprise Vault 15.1.3
- Enterprise Vault 15.2.1

Issue/Introduction

Enhanced Auditing is a feature used by Compliance Accelerator (CA)/Supervision and Discovery Accelerator (DA) to capture auditing data. The Enhanced Auditing installer uses PowerShell to execute the required installation commands during an Install, Modify or Repair mode. An issue was found whereby the ElasticSearch password provided to the installer was listed in plain text in one of the PowerShell commands.

Additional Information

JIRA: CFT-7174 JIRA: CFT-7415

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"