[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files
From:       Thierry Carrez <thierry () openstack ! org>
Date:       2013-04-24 9:12:38
Message-ID: 5177A206.20201 () openstack ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kurt Seifried wrote:
> So as part of https://bugs.launchpad.net/ossn/+bug/1168252 we have 
> CVE-2013-1977 for the insecure file permissions (devstack/etc.).
> We also have the password being logged and exposed in the log
> files:
> 
> https://review.openstack.org/#/c/26826/2/keystone/common/config.py
> 
> Please use CVE-2013-2006 for this issue (password being logged to
> the log file).

This is tracked at https://bugs.launchpad.net/keystone/+bug/1172195
Note that it only affects DEBUG level logs.

- -- 
Thierry Carrez (ttx)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCAAGBQJRd6IDAAoJEFB6+JAlsQQjPTgP/0O+/scukQmmSf4LZ1ORtabK
Y7i+9yGPlFmm0EYCgbsr67Wj64uzUnWpLxpWPX33BqHRv+qSJeIMpi6qQ7kpPqFa
bDO3PrVdgicOn3sthTmhjOk2xds1V9cv7J7KwibcWRGTsBzdz3/9QgIvNWsyTFY5
s4KDXdjArHx2/POOFnEc54AlQdOZmSySRiSbYYoz8r6BF8y88S2eqAnxmrPh3oUW
fIQGA+SUahgEbNOLVI6/WrrjSJ9mAs4+9mRO/g5oGbXe1Q48O7LRlDPchPpCqO1d
2MH+w3n6gC64WVZksogn6P9KiI0tkd1er2AN1waMMtlfuYVz2kz++UGflqmbZr1e
Y34GNA1DLnK7nYhxP00ii1F4UtdBWQfg2AXrdiCeGP9iZ5S5oX/XAFHYsIVi4Hsv
l+h6achLa5g/0ujccT0lukMtTLsQky4uakhaiO+m1ur1iQ14dKwunBIeTpjCcBUe
TL3pc3hNL1e0MQf8FQbBoVpzSPXi7faiS448M/aB1cOUPGmiMhm0sb8n2yC+AHmq
PXPCjdkxWZt4H9+/HVQm760rA3bkUcE74ONUiW9wQUtY0YMTFENAFlw+J/xYaBkn
uiLuRXplLmnZ4iNBiUVVFpuT9UQgNhLhD+o32p1m5MprX8GSwRBWAjV9fHZqHevf
r/bT692V4jdx9SFYaGgW
=7BAD
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]