OSSA-2013-013: Keystone client local information disclosure

Date: May 23, 2013
CVE: CVE-2013-2013

Affects

  • Python-keystoneclient: All versions

Description

Jake Dahn from Nebula reported that the keystone client only allows passwords to be updated through a clear-text command-line argument. This may enable other local users to obtain sensitive information by listing processes, and potentially leaves a record of the password in the shell command history.
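
The following is an added example, not code from python-keystoneclient or from this advisory: one way a CLI can take a new password without requiring it in argv, by prompting without echo or reading it from standard input. The program name, the `--pass-stdin` option and the function names are hypothetical, and the sample input is constructed.

```python
import argparse
import getpass
import io
import sys


def build_parser():
    # Hypothetical CLI for illustration; not python-keystoneclient's parser.
    p = argparse.ArgumentParser(prog="password-update-demo")
    p.add_argument("--user", required=True)
    # The pattern from the advisory: the secret is carried in argv.
    p.add_argument("--pass", dest="passwd", help="insecure: visible in argv")
    p.add_argument("--pass-stdin", action="store_true",
                   help="read the new password from standard input")
    return p


def resolve_password(args, stdin=None, prompt=getpass.getpass, err=None):
    """Return (password, source) without requiring the secret in argv."""
    stdin = sys.stdin if stdin is None else stdin
    err = sys.stderr if err is None else err
    if args.passwd is not None and args.pass_stdin:
        raise ValueError("--pass and --pass-stdin are mutually exclusive")
    if args.passwd is not None:
        # Kept for compatibility but flagged: argv can be read through the
        # process list and is saved in shell command history.
        print("warning: --pass exposes the password to other local users "
              "and to shell history", file=err)
        password, source = args.passwd, "argv"
    elif args.pass_stdin:
        # One line from a pipe or redirected file; strip only the newline.
        password, source = stdin.readline().rstrip("\r\n"), "stdin"
    else:
        # Interactive: no echo, entered twice to catch typos.
        password = prompt("New password: ")
        if prompt("Repeat new password: ") != password:
            raise ValueError("passwords do not match")
        source = "prompt"
    if not password:
        raise ValueError("empty password")
    return password, source


if __name__ == "__main__":
    # Constructed input so the demo runs non-interactively.
    demo = build_parser().parse_args(["--user", "alice", "--pass-stdin"])
    _, src = resolve_password(demo, stdin=io.StringIO("constructed-secret\n"))
    print("password for", demo.user, "taken from", src)
```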

Credits

  • Jake Dahn from Nebula (CVE-2013-2013)