chef is vulnerable to information disclosure. When you knife bootstrap a node, the validation key is printed into the logs found at /var/log/messages
.
www.openwall.com/lists/oss-security/2015/12/14/14
discourse.chef.io/t/chef-infra-client-15-4-45-released/16081
github.com/chef/chef/blob/v13.5.11/lib/chef/knife/bootstrap/templates/chef-full.erb#L193
github.com/chef/chef/commit/85f3b203882d68ef77da3933c3c4790c2e6d3555
github.com/chef/chef/issues/3871
github.com/chef/chef/pull/8885