lightblue-platform / lightblue-puppet

Puppet module for lightblue!
GNU General Public License v3.0

Bad practice: use of empty passwords #238

Open akondasif opened 6 years ago

akondasif commented 6 years ago

Greetings,

I am a security researcher, who is looking for security smells in Puppet scripts. I noticed instances of empty passwords. Empty passwords increase the guessability of passwords. The Common Weakness Organization (CWE) identifies use of empty passwords as a security weakness (https://cwe.mitre.org/data/definitions/258.html).

I suggest following the strong password guidelines and managing passwords with hiera.

Any feedback is appreciated.

Source: https://github.com/lightblue-platform/lightblue-puppet/blob/master/manifests/eap/webconnector.pp
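
As an added example (not part of the original issue or of the lightblue-puppet code), here is a small Python check that flags empty password literals in a Puppet manifest, the weakness reported above. The sample manifest, its class and parameter names, and the keyword list are constructed for illustration.

```python
import re

# Parameter/attribute names treated as secrets. This keyword list is an
# assumption of the example; extend it for your own code base.
_NAME = r"""\$?['"]?[\w:]*(?:pass(?:word|wd)?|pwd|secret)\w*['"]?"""

# `$x_password = ''` (variable or class-parameter default) or
# `password => ""` (resource attribute / hash key) with an empty literal.
# `==` and `!=` comparisons do not match: a quote must follow the operator.
EMPTY_SECRET = re.compile(
    r"(?P<name>" + _NAME + r")\s*(?:=>|=)\s*(?P<q>['\"])(?P=q)", re.IGNORECASE
)


def find_empty_passwords(manifest: str):
    """Return (line_number, name) for every empty secret literal found."""
    findings = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        # Drop comments. Heuristic: a '#' inside a string also cuts the line.
        code = line.split("#", 1)[0]
        for m in EMPTY_SECRET.finditer(code):
            findings.append((lineno, m.group("name")))
    return findings


# Constructed sample input, not taken from lightblue-puppet.
SAMPLE = """\
# Constructed manifest for the example.
class example::webconnector (
  $keystore_password = '',
  $truststore_password = lookup('example::truststore_password'),
  $port = 8443,
) {
  # $old_password = ''
  example::connector { 'https':
    password => "",
    alias    => 'server',
  }
  if $truststore_password == '' { fail('truststore password must be set') }
}
"""

if __name__ == "__main__":
    for lineno, name in find_empty_passwords(SAMPLE):
        print(f"line {lineno}: {name} is set to an empty string")
```

Parameters the check reports are candidates for a Hiera-backed value, as the `lookup()` default on the truststore parameter in the sample shows.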