Ansible · Ansible Engine · CVE-2018-16859
**Name of the Vulnerable Software and Affected Versions**
Ansible Engine versions prior to 2.9
**Description**
When Ansible playbooks are executed on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled, 'become' passwords are written to the EventLogs in plaintext. A local user with administrator privileges can view these logs and discover the plaintext password.
**Recommendations**
For Ansible Engine versions prior to 2.9, consider disabling PowerShell ScriptBlock logging and Module logging as a temporary workaround to prevent plaintext passwords from being logged. Restrict access to EventLogs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
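To apply the recommendations above, the following read-only audit reports whether the two logging policies are enabled on a Windows host and who can read the log they write to. It is an added example, not code from this advisory or from Ansible. It assumes the policies are set under the machine-wide HKLM policy key, that the events land in the `Microsoft-Windows-PowerShell/Operational` log, and that it is run from an elevated PowerShell prompt.

```powershell
# Added example: audit the PowerShell logging settings named in this advisory.
# Read-only: it changes no policy and prints no event content.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'   # assumption: machine-wide policy
$logName    = 'Microsoft-Windows-PowerShell/Operational'               # assumption: default target log

$settings = @(
    @{ Name = 'ScriptBlock logging'; Key = 'ScriptBlockLogging'; Value = 'EnableScriptBlockLogging'; EventId = 4104 },
    @{ Name = 'Module logging';      Key = 'ModuleLogging';      Value = 'EnableModuleLogging';      EventId = 4103 }
)

function Get-PSLoggingState {
    foreach ($s in $settings) {
        $path = Join-Path $policyRoot $s.Key
        # A missing key or value means the policy is not configured.
        $raw = (Get-ItemProperty -Path $path -Name $s.Value -ErrorAction SilentlyContinue).($s.Value)
        [pscustomobject]@{
            Setting = $s.Name
            Enabled = ($raw -eq 1)
            EventId = $s.EventId
        }
    }
}

$state = @(Get-PSLoggingState)
$state | Format-Table -AutoSize

if ($state.Enabled -contains $true) {
    Write-Warning "Logging named in CVE-2018-16859 is enabled on $env:COMPUTERNAME."

    # How many events of each type are already stored (count only, no message text).
    foreach ($s in ($state | Where-Object Enabled)) {
        $filter = @{ LogName = $logName; Id = $s.EventId }
        $count  = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue).Count
        '{0}: {1} stored event(s) with ID {2}' -f $s.Setting, $count, $s.EventId
    }

    # SDDL that controls who may read the channel; review it when restricting access.
    wevtutil gl $logName | Select-String 'channelAccess'
} else {
    'Neither logging policy is enabled under {0}.' -f $policyRoot
}
```

A non-zero event count on a host that has run playbooks with 'become' means the stored events should be reviewed and the affected password rotated.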