[Openstack-security] [openstack/keystone] SecurityImpact review request change I774170ff1649bd3b55c6849ed07824bcddecea75

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Jun 12 17:01:29 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/99715

Log:
commit 857803885a851735a70835127dfb0a7001ff9c00
Author: Morgan Fainberg <morgan.fainberg at gmail.com>
Date:   Thu Jun 12 09:54:00 2014 -0700

    SHA1 is not valid for CMS hashing
    
    SHA1 is not a valid target for CMS hashing since it is being used
    to obscure the tokens in the debug output of the keystoneclient
    session object. This is to prevent a case where the debug output
    could contain a valid token.
    
    Sample config has also been updated.
    
    SecurityImpact
    
    Change-Id: I774170ff1649bd3b55c6849ed07824bcddecea75





More information about the Openstack-security mailing list