keystone logs password in log message
Bug #1427533 reported by
Haneef Ali
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Critical | Dolph Mathews |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
Bug Description
The current master branch logs the request at
https:/
Sample log
(keystone.
c^[:^C
If you URL-decode it, you can easily see the user's password.
Changed in keystone:
importance: Undecided → Critical
status: New → Triaged
Changed in keystone:
milestone: none → kilo-3
Changed in keystone:
status: Fix Committed → Fix Released
Changed in keystone:
milestone: kilo-3 → 2015.1.0
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
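The bug description notes that the password is only visible after URL-decoding, which is exactly the case a plain-text pattern match on `"password"` misses. The following is an added example, not keystone's code or its actual fix: a Python `logging` filter that decodes percent-encoding before masking secret fields. The field names, the logger name and the sample request body are assumptions constructed for illustration.

```python
import logging
import re
from urllib.parse import quote_plus, unquote

# Field names treated as secret (an assumed list for this example).
_KEYS = "password|passwd|secret|token"
# JSON-style "key": "value"; '+' is allowed as spacing because form
# encoding turns spaces into '+'.
_JSON_RE = re.compile(r'("(?:%s)"[\s+]*:[\s+]*")[^"]*(")' % _KEYS, re.I)
# Form-style key=value.
_FORM_RE = re.compile(r'\b((?:%s)=)[^&\s"]+' % _KEYS, re.I)


def mask_secrets(text, mask="***"):
    """Return text with secret values masked, even if percent-encoded."""
    decoded = text
    for _ in range(3):  # bounded, so double-encoded bodies are covered
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    masked = _JSON_RE.sub(lambda m: m.group(1) + mask + m.group(2), decoded)
    masked = _FORM_RE.sub(lambda m: m.group(1) + mask, masked)
    # Leave messages without secrets byte-for-byte unchanged.
    return text if masked == decoded else masked


class RedactingFilter(logging.Filter):
    """Logging filter that masks secrets in the fully formatted message."""

    def filter(self, record):
        record.msg = mask_secrets(record.getMessage())
        record.args = None  # message is already formatted
        return True


def demo_lines():
    """Log one constructed request body through the filter; return output."""
    out = []
    handler = logging.Handler()
    handler.emit = lambda record: out.append(record.getMessage())
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("redaction-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.DEBUG)
    # Constructed sample, not the log line from the bug report.
    log.debug("body=%s", quote_plus('{"user": "demo", "password": "s3cr3t"}'))
    return out
```

A filter like this is a safety net for log handlers; the more robust approach is to avoid passing raw request bodies to the logger at all.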