List: oss-security
Subject: [oss-security] Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files
From: Thierry Carrez <thierry () openstack ! org>
Date: 2013-04-24 9:12:38
Message-ID: 5177A206.20201 () openstack ! org
Kurt Seifried wrote:
> So as part of https://bugs.launchpad.net/ossn/+bug/1168252 we have
> CVE-2013-1977 for the insecure file permissions (devstack/etc.).
> We also have the password being logged and exposed in the log
> files:
>
> https://review.openstack.org/#/c/26826/2/keystone/common/config.py
>
> Please use CVE-2013-2006 for this issue (password being logged to
> the log file).
This is tracked at https://bugs.launchpad.net/keystone/+bug/1172195
Note that it only affects DEBUG level logs.
--
Thierry Carrez (ttx)