Ovirt · Ovirt Engine · CVE-2016-6341
**Name of the Vulnerable Software and Affected Versions**
oVirt Engine versions prior to 4.0.3
**Description**
The issue allows local users to obtain sensitive password information by reading engine log files, as the `DWH DB PASSWORD` is not included in the list of keys to hide in log files.
**Recommendations**
For versions prior to 4.0.3, update to version 4.0.3 or later to include `DWH DB PASSWORD` in the list of keys to hide in log files, preventing local users from obtaining sensitive password information.