Justin R. Beckley

**Name of the Vulnerable Software and Affected Versions** FAI versions 2.10.1 through 3.1.2 **Description** The issue concerns the storage of sensitive information. In verbose mode, the `save log local` function stores the root password hash in a log file. This file can be copied to other hosts under certain conditions, potentially allowing attackers to obtain the hash. **Recommendations** For FAI version 2.10.1, consider disabling verbose mode to prevent the storage of the root password hash in the log file. For FAI version 3.1.2, restrict access to the log file to minimize the risk of the hash being obtained by unauthorized parties. As a temporary workaround, consider modifying the file permissions of /var/log/fai/current/fai.log to prevent it from being copied to other hosts when fai-savelog is called.