Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon,  4 May 2015 12:55:11 -0400 (EDT)
From: cve-assign@...re.org
To: tristan.cacqueray@...vance.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack Keystone

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Title: Potential Keystone cache backend password leak in log
> Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3

> The
> backend_argument configuration option content is being logged, and it
> may contain sensitive information for specific backends (like a password
> for MongoDB). An attacker with read access to Keystone logs may
> therefore obtain sensitive data

> https://launchpad.net/bugs/1443598

> there are other backends provided by dogpile that support
> authentication through "arguments" (which keystone exposes as
> "backend_arguments"):

> In addition, custom cache backend implementations could also utilize
> backend_arguments. All of those would be affected as well.

Use CVE-2015-3646.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVR6IJAAoJEKllVAevmvms/qkH/3xbAcGsfGXCxlscmRmfInDR
3LoP1RjtJrn3NSYhUTBj8dNXT5qnD0W7uf2WtUh5l1nRQ4O1qWJvMGizNTHZVtfi
dkONWWk33bYg8nNwmlrS1Famy4i7i7yCFRbcpOTaYXad668dzSp0xLq4gcrTlR2A
uXySvJ/ohW8fSzbAtD6yh03JEB6iZ5yV1aYYJHiLc+DIq7ptymOEQ4DRbUqb8EAT
WL12gOTrL/cAPZsX/s5REnEJ10gYwif7Bpl3lRKELLK4tCPw2mIcZHfih+0HJCw3
ntqJg1T8KEYUkgrWnoiQOig1lPQBq2UeFdPB+eYvpPShJHLjqtwEum1XDlkR1fI=
=/tHl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.