Comment 11 for bug 1443598
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: backend_argument containing a password leaked in logs | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Thanks Dolph for the feedback, here is a revised impact description draft:
Title: Keystone cache backend password leak in log
Reporter: Eric Brown (VMware)
Products: Keystone
Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3
Description:
Eric Brown from VMware reported a vulnerability in Keystone. An attacker with read access to Keystone logs may obtain sensitive data for certain backends, like a password for MongoDB. All Keystone setup are impacted.