Ok the CVE I assigned (CVE-2013-1977 as per http://seclists.org/oss-sec/2013/q2/126) covers the default devstack (git clone https://github.com/openstack-dev/devstack.git ; cd devstack && ./stack.sh ) which creates:
drwxr-xr-x. 3 stack root 4096 Apr 19 18:39 /etc/keystone -rw-rw-r--. 1 stack stack 10251 Apr 19 18:33 /etc/keystone/keystone.conf
which exposes the above secrets. If things are ALSO exposed in the log files that a second security issue as well and I'll assign a CVE for it.
Ok the CVE I assigned (CVE-2013-1977 as per http:// seclists. org/oss- sec/2013/ q2/126) covers the default devstack (git clone https:/ /github. com/openstack- dev/devstack. git ; cd devstack && ./stack.sh ) which creates:
drwxr-xr-x. 3 stack root 4096 Apr 19 18:39 /etc/keystone keystone. conf
-rw-rw-r--. 1 stack stack 10251 Apr 19 18:33 /etc/keystone/
which exposes the above secrets. If things are ALSO exposed in the log files that a second security issue as well and I'll assign a CVE for it.