0007479: Command 'mount' discloses credentials.

The mount command, when issued without arguments, shows all currently mounted filesystems. For CIFS mounts, you need to supply credentials via /etc/fstab. The mount command in listing mode is disclosing the authorisation credentials for the share, which is a severe security issue.

/etc/fstab entry:

    //192.168.1.18/history /var/storage/history cifs rw,user=Administrator,password=REDACTED,domain=INTERNALGROUP,uid=502,gid=48 0 0

Output of `mount`:

    //192.168.1.18/history on /var/storage/history type cifs (rw,user=Administrator,password=REDACTED,domain=INTERNALGROUP,uid=502,gid=48)

Both the user and password options should be sanitised in mount's output, so as not to expose credentials.

I've checked against some SuSE systems, and their version of mount supplies only the options (rw,mand). This is definitely a CentOS (and probably RH) issue with the version of mount being used.
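An audit check for this disclosure, added here as an example (not part of the bug report or of mount itself): it reads `mount` output or /etc/fstab lines on stdin, prints every cifs entry that carries an inline pass=/password= option with the value masked, and exits non-zero when it finds one, so it can run from a compliance job without re-leaking the secret; the sample lines are constructed from the report above, and the fix on the admin side is to move the credentials into a root-only file referenced through mount.cifs's credentials= option.

```shell
#!/bin/sh
# Constructed sample in the shape of the `mount` listing from the bug report
# (the password value is a placeholder, not a real credential).
SAMPLE_MOUNT_OUTPUT='//192.168.1.18/history on /var/storage/history type cifs (rw,user=Administrator,password=REDACTED,domain=INTERNALGROUP,uid=502,gid=48)
/dev/sda1 on / type ext4 (rw,relatime)
//192.168.1.18/share2 on /mnt/share2 type cifs (rw,credentials=/root/.smbcreds,uid=502,gid=48)'

# Read mount(8) output or /etc/fstab lines on stdin. For each cifs/smb3 entry
# whose options carry pass= or password=, print the line with the secret
# replaced by *** so the audit report itself does not disclose it.
# Exit status: 1 if any inline password was found, 0 if the input is clean.
find_inline_cifs_passwords() {
    awk '
    # Only CIFS/SMB entries carry share credentials in their option string;
    # "cifs" must stand alone as a field, not be part of a path.
    /(^|[[:space:]])(cifs|smb3)([[:space:]]|$)/ {
        line = $0; out = ""; found = 0
        # Walk the line left to right so an already-masked value is not re-matched.
        # The key is preceded by "(", "," or whitespace; the value ends at "," ")" or whitespace.
        while (match(line, /[(,[:space:]](pass|password)=[^,)[:space:]]*/)) {
            found = 1
            seg = substr(line, RSTART, RLENGTH)
            out = out substr(line, 1, RSTART - 1) substr(seg, 1, index(seg, "=")) "***"
            line = substr(line, RSTART + RLENGTH)
        }
        if (found) { print out line; hits++ }
    }
    END { exit (hits > 0) ? 1 : 0 }'
}

# Demo run over the constructed sample; on a real host pipe `mount` or
# `cat /etc/fstab` into the function instead.
printf '%s\n' "$SAMPLE_MOUNT_OUTPUT" | find_inline_cifs_passwords \
    || echo "inline CIFS passwords found above: move them to a 0600 credentials= file"
```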
