CVE-2013-2006

Published: May 21, 2013Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

Affected (1)

Products: Openstack: Keystone

Openstack

1 product

Keystone

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Keystone	Version 2013.1.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0806.html

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/04/24/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/04/24/2

Source: secalert@redhat.com

http://www.securityfocus.com/bid/59411

Source: secalert@redhat.com

https://bugs.launchpad.net/keystone/+bug/1172195

Source: secalert@redhat.com

https://bugs.launchpad.net/ossn/+bug/1168252

Source: secalert@redhat.com

https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html