Linux Distros Unpatched Vulnerability : CVE-2017-16613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy serve...

Debian DSA-4044-1 : swauth - security update

A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack. The authentication token for an user is saved in clear text to the log file, which could enable an attacker with access to the logs to bypass the authentication...

[SECURITY] [DSA 4044-1] swauth security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4044-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez November 21, 2017 https://www.debian.org/security/faq -...

CVE-2017-16613

CVE-2017-16613 affects OpenStack Swauth (middleware.py) when used with OpenStack Swift up to versions 2.15.1. The issue: the Swift object store and proxy may save unhashed authentication tokens to a log file as part of GET URIs, which enables an attacker to bypass authentication by injecting a to...