Comment 6 for bug 1492140
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: consoleauth token displayed in log file | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
Assuming this affects all Nova setups, here is the impact description:
Title: Potential leak of consoleauth token into log files
Reporter: Paul Carlton (HP)
Products: Nova
Affects: versions through 2014.2.3, and 2015.1 versions through 2015.1.1
Description:
Paul Carlton from HP reported a vulnerability in Nova. An attacker with read access to the services’ logs may obtain token used for console access. All Nova setups are affected.