I am a security researcher who is looking for security smells in Ansible scripts.
I found instances where usernames and passwords are specified within an Ansible script.
According to the Common Weakness Enumeration organization, this is a security weakness
(CWE-798: Hard-coded credentials https://cwe.mitre.org/data/definitions/798.html).
I am trying to find out if you agree with the findings and the reasons the usernames and passwords were introduced. Any feedback is appreciated.
These are default values that should be overloaded by the user environment and are given as an example.
I agree that it could be in an Ansible Vault or something dedicated to secret storage.
Source: https://github.com/quarkslab/irma/blob/master/ansible/playbooks/group_vars/all.yml
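An added illustration of the smell discussed in this thread (not code from the issue or from the linked project): a small Python check that flags secret-named keys in an Ansible vars file when they are assigned a literal value, and skips values that are inline Ansible Vault ciphertext or Jinja2 references to a variable or lookup. The key-name heuristic and the sample vars file are constructed assumptions.

```python
import re

# Assumed heuristic: key names ending in one of these words hold a secret.
SECRET_KEY = re.compile(r"(pass(word|wd)?|secret|token|api_?key)$", re.I)
# One "key: value" pair per line, optionally a list item ("- key: value").
PAIR = re.compile(r"^\s*(?:-\s+)?([\w.-]+)\s*:\s*(.*)$")

def hardcoded_secrets(yaml_text):
    """Return (line_no, key) for secret-named keys assigned a literal value."""
    findings = []
    for no, line in enumerate(yaml_text.splitlines(), start=1):
        m = PAIR.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        key, value = m.group(1), m.group(2).strip()
        if value[:1] in ("'", '"'):
            # Quoted scalar: keep the text up to the matching closing quote.
            value = value[1:].split(value[0], 1)[0]
        else:
            # Plain scalar: drop a trailing YAML comment.
            value = value.split(" #", 1)[0].strip()
        if not value or value in ("~", "null"):
            continue  # unset, or the parent of a nested mapping
        if value.startswith("!vault") or "{{" in value:
            continue  # Ansible Vault ciphertext, or a variable/lookup reference
        findings.append((no, key))
    return findings

# Constructed sample vars file; every name and value here is made up.
SAMPLE = """\
---
db_user: app
db_password: changeme            # literal default
broker_password: "{{ vault_broker_password }}"
ftp_password: "{{ lookup('env', 'FTP_PASSWORD') }}"
api_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  62313365396662343061393464336163
password_min_length: 12
admin:
  - name: root
    passwd: 'toor'
"""

if __name__ == "__main__":
    for line_no, key in hardcoded_secrets(SAMPLE):
        print(f"line {line_no}: '{key}' has a hard-coded value (CWE-798)")
```

The check is line-based and only looks at key names, so it misses secrets stored under neutral names and multi-line scalars; it does cover the pattern reported here, a default password written directly into a vars file.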