Comment 14 for bug 1168252

2/ LDAP password config option is not marked "secret" so it MAY show in logs
That's what the proposed fix actually fixes. I'm not sure the LDAp password is actually logged anywhere, but marking it secret actually makes sure it would not show if that was the case. This should be filed as a separate bug.

so for this I assigned CVE-2013-2006 (http://seclists.org/oss-sec/2013/q2/164)