CVE-2013-2006
keystone: DEBUG level LDAP password disclosure in log files
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
OpenStack Identity (Keystone) Grizzly 2013.1.1 cuando el modo DEBUG para el login está activado, registra (1) admin_token and (2) LDAP password en texto plano, lo que permite a usuarios locales obtener información sensible leyendo el archivo de log.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-05-09 CVE Published
- 2022-04-24 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/04/24/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/04/24/2 | Mailing List |
|
| http://www.securityfocus.com/bid/59411 | Vdb Entry | |
| https://bugs.launchpad.net/keystone/+bug/1172195 | X_refsource_confirm | |
| https://bugs.launchpad.net/ossn/+bug/1168252 | X_refsource_confirm | |
| https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://github.com/LogSec/CVE-2013-2006 | 2022-04-24 |
| URL | Date | SRC |
|---|