[Openstack-security] [Bug 938315] Re: Updating password via keystoneclient CLI should be done securely.
Jeremy Stanley
fungi at yuggoth.org
Wed May 22 20:01:22 UTC 2013
Proposed impact description...
Title: Keystone client local information disclosure
Reporter: Jake Dahn (Nebula)
Products: python-keystoneclient
Affects: All versions
Description:
Jake Dahn from Nebula reported a vulnerability that the keystone
client only allows passwords to be updated in a clear text
command-line argument, which may enable other local users to obtain
sensitive information by listing the process and potentially leaves
a record of the password within the shell command history.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/938315
Title:
Updating password via keystoneclient CLI should be done securely.
Status in Python client library for Keystone:
Fix Committed
Bug description:
Updating password via CLI should be done via a secure password prompt,
not text.
current:  keystone user-password-update --user=jake --password=foo
expected: keystone user-password-update --user=jake
          Password:
          Repeat Password:
To manage notifications about this bug go to:
https://bugs.launchpad.net/python-keystoneclient/+bug/938315/+subscriptions
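The prompt-based behaviour the bug report asks for, sketched as an added example (not part of the original message and not the python-keystoneclient fix). The names `prompt_new_password`, `build_parser`, `main` and `PasswordMismatch` are hypothetical, and the prompt function is injectable only so the logic can run without a terminal.

```python
import argparse
import getpass


class PasswordMismatch(Exception):
    """Raised when no matching, non-empty pair is entered within the retry budget."""


def prompt_new_password(prompt=getpass.getpass, attempts=3):
    """Read a new password twice without echo and return it once both entries match.

    `prompt` defaults to getpass.getpass, which reads from the terminal with
    echo disabled; it is a parameter so the logic can be exercised without a TTY.
    """
    for _ in range(attempts):
        first = prompt("Password: ")
        if not first:
            continue  # empty input: ask again rather than set a blank password
        if prompt("Repeat Password: ") == first:
            return first
    raise PasswordMismatch("no matching non-empty password entered")


def build_parser():
    # Hypothetical stand-in for the CLI. There is deliberately no --password
    # option, so the secret never appears in argv, in a process listing or in
    # the shell command history.
    parser = argparse.ArgumentParser(prog="user-password-update")
    parser.add_argument("--user", required=True)
    return parser


def main(argv=None, prompt=getpass.getpass):
    args = build_parser().parse_args(argv)
    password = prompt_new_password(prompt)
    # A real client would send `password` to the identity service here.
    return args.user, password


if __name__ == "__main__":
    user, _ = main()
    print("new password read for", user)
```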