During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console
Claws Mail vCalendar plugin: credentials exposed on interface
CloudForms stores user passwords in recoverable format
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the sig...
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "de...