Am I Affected?
You are affected if you use the nixpkgs package kanidmWithSecretProvisioning and have provisioned the admin or idm_admin credentials via secret provisioning. This is the case if you have enabled the NixOS module option services.kanidm.provision.enable and used either services.kanidm.provision.adminPasswordFile or services.kanidm.provision.idmAdminPasswordFile.
Impact
The provisioned admin credentials are leaked into the system logs.
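To confirm whether a provisioned credential actually reached the logs, the following shell function (an added example, not part of the advisory or of kanidm-provision) counts log lines that contain the contents of a password file, without printing the secret. It assumes the credential was logged verbatim; the function names, file paths and demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: count log lines containing a provisioned secret verbatim.
# Assumption: the credential was logged unmodified (not encoded or truncated).
#
# Usage on a systemd host (the password file path is a placeholder):
#   journalctl --no-pager -o cat | count_secret_hits /path/to/password-file

# count_secret_hits SECRET_FILE [LOG_FILE]
# Prints the number of matching lines; reads stdin when LOG_FILE is omitted.
# The secret reaches grep through a pattern file (-f), so it never shows up
# in a process argument list or in this function's output.
count_secret_hits() {
    secret_file=$1
    log_file=${2:-}
    [ -r "$secret_file" ] || { echo "cannot read secret file" >&2; return 2; }
    pattern_file=$(mktemp) || return 2
    # Drop empty lines: an empty fixed-string pattern matches every log line.
    grep -v '^$' "$secret_file" > "$pattern_file" || true
    if [ ! -s "$pattern_file" ]; then
        rm -f "$pattern_file"
        echo "secret file is empty" >&2
        return 2
    fi
    # grep -c exits 1 on zero matches but still prints 0, hence "|| true".
    if [ -n "$log_file" ]; then
        hits=$(grep -c -F -f "$pattern_file" -- "$log_file") || true
    else
        hits=$(grep -c -F -f "$pattern_file") || true
    fi
    rm -f "$pattern_file"
    echo "${hits:-0}"
}

# Constructed sample data; the log lines are not the tool's real log format.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'Sample-Not-Real-123' > "$dir/secret"
    printf '%s\n' 'constructed: service started' \
        'constructed: value Sample-Not-Real-123 seen' > "$dir/log"
    result=$(count_secret_hits "$dir/secret" "$dir/log")
    rm -rf "$dir"
    echo "$result"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A non-zero count means the credential is present in the searched logs and should be rotated after upgrading.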
Patches
The issue has been fixed in oddlama/kanidm-provision v1.2.0.
The corresponding patchsets in nixpkgs have been updated in:
- NixOS unstable: https://github.com/NixOS/nixpkgs/pull/392031 (PR progress tracker)
- NixOS 24.11: https://github.com/NixOS/nixpkgs/pull/392339 (PR progress tracker)