CVE-2013-2006

Published: May 21, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd

x_refsource_CONFIRM

59411

vdb-entry

x_refsource_BID

FEDORA-2013-8048

vendor-advisory

x_refsource_FEDORA

https://bugs.launchpad.net/ossn/+bug/1168252

x_refsource_CONFIRM

RHSA-2013:0806

vendor-advisory

x_refsource_REDHAT

[oss-security] 20130423 CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files

mailing-list

x_refsource_MLIST

FEDORA-2013-8023

vendor-advisory

x_refsource_FEDORA

https://bugs.launchpad.net/keystone/+bug/1172195

x_refsource_CONFIRM

[oss-security] 20130424 Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-2006

Description

Affected Products

References