Thanks Dolph for the feedback, here is a revised impact description draft:
Title: Keystone cache backend password leak in log
Reporter: Eric Brown (VMware)
Products: Keystone
Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3
Description:
Eric Brown from VMware reported a vulnerability in Keystone. An attacker with read access to Keystone logs may obtain sensitive data for certain backends, like a password for MongoDB. All Keystone setup are impacted.
Thanks Dolph for the feedback, here is a revised impact description draft:
Title: Keystone cache backend password leak in log
Reporter: Eric Brown (VMware)
Products: Keystone
Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3
Description:
Eric Brown from VMware reported a vulnerability in Keystone. An attacker with read access to Keystone logs may obtain sensitive data for certain backends, like a password for MongoDB. All Keystone setup are impacted.