Passwords stored in 'secrets' are not visible

Information

The secrets list stores passwords that are required for remote storage connections or other purposes. These passwords may be visible in clear-text to anyone able to log into the host.

http://blog.403labs.com/post/57428499719/revealing-xenserver-storage-repository-secrets

Solution

Use generic, least-privileged accounts that only have access to the storage repositories. Never mount storage repositories with a privileged Active Directory account.

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5h.

Plugin: Unix

Control ID: 763aa6859c63ccd4ac09509452cbb940ba185b5269b4b1c83e1b4710bd7c1fa0