Comment 3 for bug 1443598

Tristan Cacqueray (tristan-cacqueray) wrote : Re: backend_argument containing a password leaked in logs

In case we do issue an advisory, assuming only the MongoDB backend is affected, here is the impact description draft:

Title: Keystone cache backend password leak in log
Reporter: Eric Brown (VMware)
Products: Keystone
Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3

Description:
Eric Brown from VMware reported a vulnerability in Keystone. An attacker with read access to Keystone logs may obtain the authentication information used to access the cache backend. Only Keystone setups using a password-protected MongoDB as a cache backend are impacted.