
213 matches found

RedHat Linux
added 2014/11/03 8:47 a.m. · 1 view

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

CVSS 4 · AI score 5.7 · EPSS 0.00426
Exploits: 1 · References: 4
RedHat Linux
added 2014/10/22 5:21 p.m. · 2 views

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

CVSS 4 · AI score 5.7 · EPSS 0.00426
Exploits: 1 · References: 4
OSV
added 2014/10/02 2:55 p.m. · 3 views

DEBIAN-CVE-2014-3621

The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...

CVSS 4 · AI score 6.1 · EPSS 0.00426
Exploits: 1 · References: 1
Positive Technologies
added 2014/10/02 12:0 a.m. · 2 views

PT-2014-5425 · Openstack +1 · Openstack Identity +1

Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions prior to 2013.2.3; OpenStack Identity Keystone versions 2014.1 prior to 2014.1.2.1. Description: The issue allows remote authenticated users to read sensitive configuration options via a crafted endpoint. Th...

CVSS 4 · AI score 5.7 · EPSS 0.00426
Exploits: 1 · References: 21
OSV
added 2013/05/21 6:55 p.m. · 1 view

DEBIAN-CVE-2013-2006

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 · AI score 6.1 · EPSS 0.00039
Exploits: 0 · References: 1
NVD
added 2013/05/21 6:55 p.m. · 31 views

CVE-2013-2006

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 · AI score 6 · EPSS 0.00039
Exploits: 0 · References: 9
OSV
added 2013/05/21 6:55 p.m. · 10 views

CVE-2013-2006

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

AI score 5.9
Exploits: 0 · References: 9
Prion
added 2013/05/21 6:55 p.m. · 22 views

Design/Logic Flaw

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 · AI score 6.5 · EPSS 0.00039
Exploits: 0 · References: 9 · Affected Software: 1
OSV
added 2013/05/21 6:55 p.m. · 1 view

PYSEC-2013-40

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 · AI score 5.9 · EPSS 0.00039
Exploits: 0 · References: 10
PyPA
added 2013/05/21 6:55 p.m. · 4 views

PYSEC-2013-40

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 · AI score 6.5 · EPSS 0.00039
Exploits: 0 · References: 10 · Affected Software: 1
RedHat Linux
added 2013/05/09 6:7 p.m. · 4 views

keystone: DEBUG level LDAP password disclosure in log files

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1 · AI score 5.8 · EPSS 0.00039
Exploits: 0 · References: 4
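seebug.org
added 2013/04/24 12:0 a.m. · 56 views

OpenStack Keystone Insecure File Permissions Vulnerability (CVE-2013-1977)

BUGTRAQ ID: 59310 CVE(CAN) ID: CVE-2013-1977 OpenStack Keystone is the project that provides identity, token, catalog and policy services for the OpenStack family of projects. A security vulnerability exists in the way Keystone.conf is managed; a local attacker could exploit it to obtain the LDAP password configuration and the admintoken. 0 openstack Keystone Vendor patch: openstack --------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://lists.openstack.org/pipermail/openstack-announce/...

CVSS 2.1 · AI score 6.4 · EPSS 0.00114
Exploits: 2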