puppet-gitlab

Keeping empty passwords is a bad practice

Open akondasif opened this issue 6 years ago • 0 comments

Greetings,

I am a security researcher who is looking for security smells in Puppet scripts. I noticed instances of empty passwords. Empty passwords increase the guessability of passwords. The Common Weakness Organization (CWE) identifies use of empty passwords as a security weakness (https://cwe.mitre.org/data/definitions/258.html).

I suggest following the strong password guidelines and managing passwords with Hiera.

Any feedback is appreciated.

Source: https://github.com/sbadia/puppet-gitlab/blob/master/manifests/params.pp

akondasif Jul 15 '18 15:07
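A check for the smell this issue reports (CWE-258), as an added example that is not part of the original issue or of the puppet-gitlab code base: it flags Puppet assignments and resource attributes whose name looks like a credential and whose value is an empty string. The name heuristic, the sample manifest and every identifier in it (`demo::params`, `$db_password`, and so on) are constructed assumptions.

```python
import re

# Assumed heuristic: identifiers containing these tokens hold credentials.
SECRET_NAME = re.compile(r"pass(word|wd)?|pwd|secret", re.I)
# `$var = ''` (variables, class parameter defaults) and `attr => ''`.
# `==`, `!=` and `=~` comparisons are not matched.
EMPTY_ASSIGN = re.compile(
    r"(?P<name>\$?[A-Za-z_][\w:]*)\s*(?:=>|=)\s*(?:''|\"\")")

def strip_comment(line):
    """Drop a trailing `#` comment unless the `#` is inside a quoted string."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote and line[i - 1] != "\\":
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line

def find_empty_passwords(manifest):
    """Return (line number, name) for each credential set to an empty string."""
    findings = []
    for lineno, raw in enumerate(manifest.splitlines(), 1):
        for m in EMPTY_ASSIGN.finditer(strip_comment(raw)):
            if SECRET_NAME.search(m.group("name")):
                findings.append((lineno, m.group("name")))
    return findings

# Constructed sample manifest; not taken from params.pp.
SAMPLE = """\
class demo::params {
  $db_user     = 'app'
  $db_password = ''
  $ldap_bind_password = ""
  $api_secret  = lookup('demo::api_secret')   # value supplied by Hiera
  # $old_password = ''   (commented out, so not reported)
  if $db_password == '' { fail('db_password must be set') }
}
mysql::db { 'app':
  user     => 'app',
  password => '',
}
"""

if __name__ == "__main__":
    for lineno, name in find_empty_passwords(SAMPLE):
        print(f"line {lineno}: {name} is set to an empty string")
```

Run as a script, it reports the two empty variables and the empty `password` attribute, and skips the Hiera `lookup()` default, the commented-out line and the `==` comparison.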