Information Disclosure

2019-01-1508:52:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

openstack-keystone is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

CPENameOperatorVersion
openstack-keystoneeq2012.2.3__7.el6ost
openstack-keystoneeq2012.2.3__4.el6ost
openstack-keystoneeq2012.2.3__8.el6ost
openstack-keystoneeq2012.2.3__3.el6ost
openstack-keystoneeq2012.1.3__3.el6
openstack-keystoneeq2012.2.1__1.el6ost
openstack-keystoneeq2012.2.1__3.el6ost
openstack-keystoneeq2012.1.2__4.el6
openstack-keystoneeq2012.1.1__1.el6

Name	Operator	Version
openstack-keystone	eq	2012.2.3__7.el6ost
openstack-keystone	eq	2012.2.3__4.el6ost
openstack-keystone	eq	2012.2.3__8.el6ost
openstack-keystone	eq	2012.2.3__3.el6ost
openstack-keystone	eq	2012.1.3__3.el6
openstack-keystone	eq	2012.2.1__1.el6ost
openstack-keystone	eq	2012.2.1__3.el6ost
openstack-keystone	eq	2012.1.2__4.el6
openstack-keystone	eq	2012.1.1__1.el6