RHUA password disclosure
Issue
We've found that when running rhui-manager with the user/pwd provided as arguments, another user can see our password if he lists the rhui-manager process.
Example of invocation:
# /usr/bin/rhui-manager --username admin --password fancypassword status --code
Example of ps:
root 28180 5.6 1.1 317620 21816 pts/0 R+ 13:36 0:00 /usr/bin/python /usr/bin/rhui-manager --username admin --password fancypassword status --code
Version affected is RHUI 2.1-2
[root@xxx log]# rpm -qa | egrep "rhua|rhui"
gofer-0.65.rhui-1.el6_3.noarch
rh-rhui-tools-debug-script-2.1.19-1.el6_4.noarch
grinder-0.0.138.2-1.el6_4.rhui.noarch
gofer-package-0.65.rhui-1.el6_3.noarch
rh-rhui-tools-2.1.19-1.el6_4.noarch
rh-rhua-config-2.1-2.el6.noarch
python-gofer-0.65.rhui-1.el6_3.noarch
rh-rhua-selinux-policy-0.0.6-1.el6.noarch
Could it be possible to replace the password with *'s or something like that in order to not disclose our password?
Environment
- Red Hat Update Infrastructure 2.1
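The exposure described in the Issue can be checked for on a host. The following is an added example, not part of the original article and not Red Hat's code: it flags processes whose command line carries a `--password` value and prints them with the value masked. The function names, the `SECRET_FLAGS` set and the mask string are assumptions of this example; the sample line is the `ps` output quoted in the Issue.

```python
import os

SECRET_FLAGS = {"--password"}   # flag shown in the article; extend as needed (assumption)
MASK = "********"

def redact_argv(argv):
    """Mask values of secret flags in an argv list; return (redacted_argv, exposed)."""
    out, exposed, mask_next = [], False, False
    for arg in argv:
        if mask_next:                      # value following "--password"
            out.append(MASK)
            exposed, mask_next = True, False
            continue
        flag, sep, _ = arg.partition("=")
        if flag in SECRET_FLAGS and sep:   # "--password=value" form
            out.append(flag + "=" + MASK)
            exposed = True
        else:
            out.append(arg)
            mask_next = arg in SECRET_FLAGS
    return out, exposed

def audit_ps_line(line):
    """Check one `ps aux` line; return (user, pid, redacted_cmd) or None if clean.
    ps joins arguments with spaces, so a value containing spaces is only partly masked."""
    fields = line.split(None, 10)          # 10 fixed columns, then the command
    if len(fields) < 11:
        return None
    redacted, exposed = redact_argv(fields[10].split())
    return (fields[0], int(fields[1]), " ".join(redacted)) if exposed else None

def audit_proc(root="/proc"):
    """Scan live processes; /proc/<pid>/cmdline keeps the exact NUL-separated argv."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, pid, "cmdline"), "rb") as fh:
                raw = fh.read().decode("utf-8", "replace")
        except OSError:
            continue                       # process exited or access denied
        redacted, exposed = redact_argv(raw.rstrip("\0").split("\0"))
        if exposed:
            findings.append((int(pid), " ".join(redacted)))
    return findings

# Sample input: the ps line quoted in the Issue section.
SAMPLE = ("root 28180 5.6 1.1 317620 21816 pts/0 R+ 13:36 0:00 /usr/bin/python "
          "/usr/bin/rhui-manager --username admin --password fancypassword status --code")

if __name__ == "__main__":
    print(audit_ps_line(SAMPLE))
    if os.path.isdir("/proc"):
        for finding in audit_proc():
            print(finding)
```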
