Local Information Disclosure in Keystone Client by OpenStack
CVE-2013-2013
Currently unrated
Summary
The user-password-update command in the Keystone Client for OpenStack takes the password through the --password argument, which allows local users to obtain sensitive information: a local user can list the running processes and read, from the command line, a password that should remain confidential. Users of versions prior to 0.2.4 should be aware of this flaw and take the necessary precautions.
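One way to audit a Linux host for this kind of exposure, as an added example that is not part of the original advisory or of the Keystone Client code: it parses the NUL-separated argument vectors exposed under /proc/<pid>/cmdline and reports processes that carry a --password value, masking the value itself. The function names and the sample data are assumptions constructed for illustration.

```python
import os

# Flag named on this page; extend with other secret-bearing options as needed.
SECRET_FLAGS = ("--password",)

def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline buffer (NUL-separated argv) into strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def redact(argv):
    """Return (flags_found, argv copy with the secret values masked)."""
    found, out, i = [], list(argv), 0
    while i < len(argv):
        flag, sep, _ = argv[i].partition("=")
        # A flag with no value after it (e.g. a prompt follows) exposes nothing.
        if flag in SECRET_FLAGS and (sep or i + 1 < len(argv)):
            found.append(flag)
            if sep:                       # --password=VALUE
                out[i] = flag + "=<redacted>"
            else:                         # --password VALUE
                i += 1
                out[i] = "<redacted>"
        i += 1
    return found, out

def audit(cmdlines):
    """cmdlines: {pid: raw cmdline bytes}. Map exposing pids to masked argv."""
    report = {}
    for pid, raw in cmdlines.items():
        found, masked = redact(parse_cmdline(raw))
        if found:
            report[pid] = " ".join(masked)
    return report

def read_proc():
    """Collect the cmdline of every process the current user can read."""
    result = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                result[int(pid)] = fh.read()
        except OSError:                   # process exited or access denied
            pass
    return result

# Constructed sample data, not captured from a real system.
SAMPLE = {
    101: b"keystone\0user-password-update\0--password\0S3cr3t!\0demo-user\0",
    102: b"keystone\0user-password-update\0demo-user\0",
}
```

Calling `audit(read_proc())` runs the same check against the live process table; `audit(SAMPLE)` exercises it offline.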
References
Timeline
Vulnerability published
Vulnerability Reserved