Andrew Cathrow

Researcher from Red Hat
#53546 of 53,639
2.1 Total CVSS
Vulnerabilities · 1
PT-2013-1900
2.1
2013-03-12
Red Hat · Red Hat Enterprise Virtualization Manager · CVE-2012-6115
**Name of the Vulnerable Software and Affected Versions**

Red Hat Enterprise Virtualization Manager versions 3.1 and earlier

**Description**

The issue affects the domain management tool, specifically when the validate action is enabled, causing the administrative password to be logged to a world-readable log file. This allows local users to obtain sensitive information by reading the log file.

**Recommendations**

For Red Hat Enterprise Virtualization Manager versions 3.1 and earlier, consider disabling the validate action in the domain management tool to prevent the administrative password from being logged to a world-readable log file. Restrict access to the log file to minimize the risk of exploitation.