Comment 16 for bug 1443598
Revision history for this message
| Thierry Carrez (ttx) wrote Re: backend_argument containing a password leaked in logs | #16 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Alternate proposal:
Title: Potential Keystone cache backend password leak in log
Reporter: Eric Brown (VMware)
Products: Keystone
Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3
Description:
Eric Brown from VMware reported a vulnerability in Keystone. The backend_argument configuration option content is being logged, and it may contain sensitive information for specific backends (like a password for MongoDB). An attacker with read access to Keystone logs may therefore obtain sensitive data about certain backends, . All Keystone setups are potentially impacted.
NB: Kilo is not affected.