Problem
Enhanced Auditing is a feature used by Compliance Accelerator (CA)/Supervision and Discovery Accelerator (DA) to capture auditing data. The Enhanced Auditing installer uses PowerShell to execute the required installation commands during an Install, Modify or Repair mode. An issue was found whereby the ElasticSearch password provided to the installer was listed in plain text in one of the PowerShell commands.
Error Message
None.
Cause
A component of the installation process did not handle sensitive data securely. This was remediated by updating the installation processing to encrypt/mask sensitive data during the installation.
Solution
The issue was first discovered in CA 14.1.1 and DA 14.4.0, and may be present in other versions up to any fix version(s) listed below.
There are currently no plans to address this issue through a patch or hotfix in the current or previous versions of the software. However, it is scheduled to be resolved in the next major product revision. Please note that the product engineering team reserves the right to remove any fix from the targeted release if it does not pass quality assurance tests. Our plans are subject to change, and any actions you take based on this information, or your reliance on it, are at your own risk.
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.