Comment 15 for bug 938315

Jeremy Stanley (fungi) wrote : Re: Updating password via keystoneclient CLI should be done securely.

Proposed impact description...

    Title: Keystone client local information disclosure
    Reporter: Jake Dahn (Nebula)
    Products: python-keystoneclient
    Affects: All versions

    Description:
    Jake Dahn from Nebula reported a vulnerability that the keystone
    client only allows passwords to be updated in a clear text
    command-line argument, which may enable other local users to obtain
    sensitive information by listing the process and potentially leaves
    a record of the password within the shell command history.
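
The exposure described above comes from carrying the secret in the command line. The following is an added example, not python-keystoneclient code and not part of the original comment: a hypothetical CLI that takes the new password from a no-echo prompt or from stdin instead of argv. The program name, option names and sample values are assumptions.

```python
import argparse
import getpass
import io
import sys


def build_parser():
    # Hypothetical CLI; not python-keystoneclient's real argument set.
    p = argparse.ArgumentParser(prog="example-password-update",
                                allow_abbrev=False)
    p.add_argument("--user", required=True)
    # Deliberately no --pass option: argv is visible to other local users
    # in the process list and is recorded in shell history.
    p.add_argument("--password-stdin", action="store_true",
                   help="read the new password from stdin (for scripts)")
    return p


def read_new_password(args, stdin=None, prompt=getpass.getpass):
    """Return the new password without it ever appearing in argv."""
    if args.password_stdin:
        stream = sys.stdin if stdin is None else stdin
        password = stream.readline().rstrip("\r\n")
    else:
        password = prompt("New password: ")       # no echo on a TTY
        if password != prompt("Repeat new password: "):
            raise ValueError("passwords do not match")
    if not password:
        raise ValueError("empty password refused")
    return password


if __name__ == "__main__":
    # Constructed sample input so the demo runs without a terminal.
    argv = ["--user", "alice", "--password-stdin"]
    args = build_parser().parse_args(argv)
    new_password = read_new_password(args, stdin=io.StringIO("constructed-pw\n"))
    print("user:", args.user, "| password length:", len(new_password))
    print("secret present in argv:", any("constructed-pw" in a for a in argv))
```

In script use the password is piped or redirected into stdin from a file with restrictive permissions, so it never reaches the process list or the shell history.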