admin_token and LDAP password show up in log in DEBUG mode
Bug #1172195 reported by Thierry Carrez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Low | Xu Han Peng | |
Grizzly | Fix Released | Low | Adam Gandelman | |
Bug Description
This is a by-product of bug 1168252.
Keystone auth_token and LDAP password are not marked "secret" so they appear in DEBUG level logs:
(keystone-all): 2013-04-23 23:17:09,101 DEBUG cfg log_opt_values admin_token = 111222333444
(keystone-all): 2013-04-23 23:17:09,108 DEBUG cfg log_opt_values ldap.password = None
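A log audit for this class of leak, as an added example (not code from keystone or from this bug report): it scans `log_opt_values` lines like the two quoted above for credential-looking options printed in clear text and masks their values. The option-name patterns, the all-asterisk masking convention, and the third sample line are assumptions.

```python
import re

# Option dump lines as quoted in the report: "... log_opt_values <name> = <value>"
OPT_LINE = re.compile(r"log_opt_values\s+(?P<name>[\w.\-]+)\s+=\s*(?P<value>.*)$")
# Assumption: option names containing these words hold credentials.
SENSITIVE = re.compile(r"token|password|secret|key", re.IGNORECASE)
# Assumption: an all-asterisk value is already masked; "None" or empty means unset.
MASKED = re.compile(r"^\*+$")
UNSET = {"None", ""}


def _exposed(line):
    """Return the regex match if the line logs a sensitive option in clear text."""
    match = OPT_LINE.search(line)
    if not match or not SENSITIVE.search(match.group("name")):
        return None
    value = match.group("value").strip()
    if value in UNSET or MASKED.match(value):
        return None
    return match


def find_exposed_secrets(lines):
    """Return (line_number, option_name) for each clear-text credential."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = _exposed(line)
        if match:
            hits.append((number, match.group("name")))
    return hits


def redact(line):
    """Mask an exposed value so the log line can be stored or shared."""
    match = _exposed(line)
    return line if match is None else line[: match.start("value")] + "****"


# The first two lines are quoted from the bug report; the third is constructed.
SAMPLE_LOG = [
    "(keystone-all): 2013-04-23 23:17:09,101 DEBUG cfg log_opt_values admin_token = 111222333444",
    "(keystone-all): 2013-04-23 23:17:09,108 DEBUG cfg log_opt_values ldap.password = None",
    "(keystone-all): 2013-04-23 23:17:09,110 DEBUG cfg log_opt_values example.password = ****",
]

if __name__ == "__main__":
    for number, name in find_exposed_secrets(SAMPLE_LOG):
        print(f"line {number}: {name} logged in clear text")
        print("  redacted:", redact(SAMPLE_LOG[number - 1]))
```

Any credential this audit finds in a retained log should be rotated, since masking the line does not undo earlier exposure.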
CVE References
Changed in keystone:
assignee: nobody → Xu Han Peng (xuhanp)
status: New → In Progress
tags: added: grizzly-backport-potential
Changed in keystone:
importance: Undecided → Low
tags: removed: grizzly-backport-potential
Changed in keystone:
milestone: none → havana-1
status: Fix Committed → Fix Released
Changed in keystone:
milestone: havana-1 → 2013.2
Kurt assigned CVE-2013-2006 for the OpenStack keystone LDAP password disclosure in log files
http://openwall.com/lists/oss-security/2013/04/24/1