Ubuntu.com (ubuntucve), UB:CVE-2013-2006
May 21, 2013 - 12:00 a.m.

CVE-2013-2006


CVSS2: 2.1 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.0004 Low
Percentile: 5.1%

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is
enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which
allows local users to obtain sensitive information by reading the log file.

Notes

Author Note (jdstrand):

requires debug logging to be set in keystone.conf. On 12.10 and higher, keystone.conf warns about passwords. Furthermore, level=WARNING is used in logging.conf

12.04 uses debug = True, but has level=WARNING in logging.conf and the log files are not readable on the system (i.e. the /var/log/keystone directory is 0700)

Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon

fix requires a conffile change to fix non-default configurations that are marginally affected
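The three conditions in the note above (debug set in keystone.conf, the level in logging.conf, and the mode of the log directory) can be checked together. The following is an added example, not code from Ubuntu or the Keystone project; it assumes `debug` sits in `[DEFAULT]` of keystone.conf and the root level in `[logger_root]` of logging.conf, and the sample configs are constructed.

```python
import configparser
import stat


def _load(text):
    # interpolation=None: logging.conf format strings contain '%(...)s'
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def assess(keystone_conf, logging_conf, log_dir_mode):
    """Classify a host against the three conditions in the note above."""
    # Assumption: 'debug' lives in [DEFAULT] of keystone.conf.
    debug = _load(keystone_conf).get("DEFAULT", "debug", fallback="false")
    debug_on = debug.strip().lower() in ("true", "1", "yes", "on")

    # Assumption: the root logger level is in [logger_root] of logging.conf;
    # a missing level is treated as WARNING (Python's root logger default).
    level = _load(logging_conf).get("logger_root", "level", fallback="WARNING")
    debug_records_kept = level.strip().upper() in ("DEBUG", "NOTSET")

    if not (debug_on and debug_records_kept):
        return "not-logged"  # DEBUG records never reach the log file
    # Any group/other permission bit on the log directory counts as readable.
    if stat.S_IMODE(log_dir_mode) & 0o077:
        return "exposed"
    return "logged-restricted"  # secrets are on disk, directory is owner-only


# Constructed sample configs (not taken from a real host).
KEYSTONE_DEBUG = "[DEFAULT]\ndebug = True\n"
LOGGING_WARNING = "[logger_root]\nlevel=WARNING\nhandlers=file\n"
LOGGING_DEBUG = "[logger_root]\nlevel=DEBUG\nhandlers=file\n"

if __name__ == "__main__":
    # The 12.04 situation from the note: debug = True, WARNING, 0700.
    print(assess(KEYSTONE_DEBUG, LOGGING_WARNING, 0o700))
    # A non-default configuration with DEBUG records and a 0755 directory.
    print(assess(KEYSTONE_DEBUG, LOGGING_DEBUG, 0o755))
```

On a real host, pass the file contents and `os.stat("/var/log/keystone").st_mode` as the third argument.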
