https://bugzilla.suse.com/show_bug.cgi?id=1225432 Bug ID: 1225432 Summary: [Agama][Milestone8+] iSCSI Discovery Passwords are logged into y2log in plain text Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers@suse.de Reporter: locilka@suse.com QA Contact: jsrain@suse.com Target Milestone: --- Found By: --- Blocker: --- Created attachment 875149 --> https://bugzilla.suse.com/attachment.cgi?id=875149&action=edit Snippet of the log When iSCSI Targets are being discovered in Agama, the iSCSI library logs all the details. Sadly, also including passwords. How to reproduce? Easily -> Start Agama Installer -> Go to Storage details -> Click Prepare devices by configuring advanced storage technologies -> Choose iSCSI -> Click Discover iSCSI targets -> Fill-up some users/passwords -> Click Confirm This will be most probably the same in YaST as well because it uses the same library. BTW, there are two entries for user/password, but you can see only the first one in the log. That's most probably because the second one would be used later, if the first one succeeds (not my case). Additionally, even the save_y2logs script does not remove the passwords. maybe because the string in the log this: {"name"=>"discovery.sendtargets.auth.password", "value"=>"and their password", "kind"=>"value", "type"=>1, "comment"=>""} -- You are receiving this mail because: You are on the CC list for the bug.