Assigned a CVE for this as per http://openwall.com/lists/oss-security/2013/04/26/6
While auditing OpenStack bugs for flaws needing CVEs I came across this (as of yet unfixed) one:
https://bugs.launchpad.net/python-keystoneclient/+bug/938315
[root@...s ~]# keystone user-password-update --user=jake
usage: keystone user-password-update --pass <password> <user-id>
keystone user-password-update: error: too few arguments
This class of vuln typically gets a CVE.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=command+line+password
CVE text:
OpenStack keystone places a username and password on the command line, which allows local users to obtain credentials by listing the process.
Please use CVE-2013-2013 for this issue.
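
Added example (not the python-keystoneclient code or its fix): a sketch of a CLI that keeps accepting --pass for compatibility but no longer requires it, so the new password can be supplied without appearing in the process list. The variable name EXAMPLE_NEW_PASSWORD, the helper names and the sample values are assumptions made for illustration.

```python
import argparse
import getpass
import os

ENV_VAR = "EXAMPLE_NEW_PASSWORD"  # hypothetical name, not a keystone setting


def build_parser():
    parser = argparse.ArgumentParser(prog="user-password-update")
    # --pass is optional here: requiring it forces the secret into argv,
    # which any local user can read from the process list.
    parser.add_argument("--pass", dest="passwd", metavar="<password>", default=None)
    parser.add_argument("user", metavar="<user-id>")
    return parser


def resolve_password(args, environ=os.environ, prompt=getpass.getpass):
    """Return (password, source); source lets the caller warn on 'argv'."""
    if args.passwd is not None:
        return args.passwd, "argv"  # exposed for the lifetime of the process
    if environ.get(ENV_VAR):
        # On Linux, /proc/<pid>/environ is readable by the owner and root only.
        return environ[ENV_VAR], "env"
    first = prompt("New Password: ")  # getpass reads from the tty without echo
    second = prompt("Repeat New Password: ")
    if first != second:
        raise SystemExit("passwords do not match")
    return first, "prompt"


def exposed_in_argv(argv, secret):
    """True if the secret is part of what a process listing would display."""
    return any(secret in arg for arg in argv)


if __name__ == "__main__":
    # Constructed sample invocations; no real credentials.
    for argv, env in (
        (["--pass", "s3cret", "jake"], {}),
        (["jake"], {ENV_VAR: "s3cret"}),
    ):
        args = build_parser().parse_args(argv)
        password, source = resolve_password(args, environ=env)
        print(source, "exposed in ps:", exposed_in_argv(argv, password))
```
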