Linux · Fwupd · CVE-2022-3287
**Name of the Vulnerable Software and Affected Versions**
fwupd (affected versions not specified)
**Description**
The issue affects the fwupd daemon, which manages firmware updates on Linux-based systems. When creating an OPERATOR user account on the BMC, the redfish plugin saves the auto-generated password to `/etc/fwupd/redfish.conf` without restricting read access to the file. As a result, any user on the system can read the configuration file, potentially gaining access to confidential information.
**Recommendations**
For all affected versions, consider restricting access to the `/etc/fwupd/redfish.conf` file to minimize the risk of exploitation. As a temporary workaround, limit the permissions of the file so that unauthorized users cannot read the auto-generated password.
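One way to apply the workaround, as an added example that is not taken from the fwupd project: the script checks whether group or other users have any access to the file and, if so, tightens it. The function names and the target mode `0600` are assumptions; it relies on GNU `stat`, as found on Linux.

```shell
#!/bin/sh
# Added example (not fwupd code): audit and tighten permissions on the
# configuration file named in the advisory.
# Assumption: owner-only access (mode 0600) is the intended target.

CONF_DEFAULT="/etc/fwupd/redfish.conf"

# Print the octal permission bits of a file (GNU stat).
conf_mode() {
    stat -c '%a' -- "$1"
}

# Return 0 if group or others hold any permission bit on the file,
# 1 if access is owner-only, 2 if the file is missing or unreadable by stat.
conf_is_exposed() {
    [ -f "$1" ] || return 2
    mode=$(conf_mode "$1") || return 2
    # Leading 0 makes the shell read the value as octal; 077 masks group+other.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        return 0
    fi
    return 1
}

# Tighten the file to 0600 when it is exposed; report what was done.
harden_conf() {
    f=${1:-$CONF_DEFAULT}
    rc=0
    conf_is_exposed "$f" || rc=$?
    case "$rc" in
        0) chmod 0600 -- "$f" && echo "tightened $f to 0600" ;;
        1) echo "$f is already owner-only" ;;
        *) echo "$f not found" >&2; return 2 ;;
    esac
}

# Run only when a path is given, e.g.: sh harden.sh /etc/fwupd/redfish.conf
if [ "$#" -gt 0 ]; then
    harden_conf "$1"
fi
```

Changing the mode of the real file requires root privileges.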