CVE-2013-2006

keystone: DEBUG level LDAP password disclosure in log files

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

OpenStack Identity (Keystone) Grizzly 2013.1.1 cuando el modo DEBUG para el login está activado, registra (1) admin_token and (2) LDAP password en texto plano, lo que permite a usuarios locales obtener información sensible leyendo el archivo de log.

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. These updated packages have been upgraded to upstream version 2012.2.4, which provides a number of bug fixes over the previous version. This update also fixes the following security issue: In environments using LDAP, if debug-level logging was enabled, the LDAP server password was logged in plain text to a world-readable log file. Debug-level logging is not enabled by default.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-05-09 CVE Published
2022-04-24 First Exploit
2024-08-06 CVE Updated
2025-06-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (12)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2013/04/24/1	Mailing List
http://www.openwall.com/lists/oss-security/2013/04/24/2	Mailing List
http://www.securityfocus.com/bid/59411	Vdb Entry
https://bugs.launchpad.net/keystone/+bug/1172195	X_refsource_confirm
https://bugs.launchpad.net/ossn/+bug/1168252	X_refsource_confirm
https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd	X_refsource_confirm

URL	Date	SRC
https://github.com/LogSec/CVE-2013-2006	2022-04-24

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html	2014-05-05
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html	2014-05-05
http://rhn.redhat.com/errata/RHSA-2013-0806.html	2014-05-05
https://access.redhat.com/security/cve/CVE-2013-2006	2013-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=956007	2013-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Keystone Search vendor "Openstack" for product "Keystone"				2013.1.1 Search vendor "Openstack" for product "Keystone" and version "2013.1.1"		-		Affected