PT-2013-3500 · Openstack · Openstack Devstack

Kseifried +3 · Published 2013-05-21 · Updated 2013-05-22 · CVE-2013-1977

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenStack devstack (affected versions not specified)

Description
The issue allows local users to obtain sensitive information, including the LDAP password and admin token secret, by reading the keystone.conf file due to its world-readable permissions.

Recommendations
For devstack, consider changing the permissions of the keystone.conf file to restrict read access to authorized users only, until a more permanent fix is available.
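
An added example, not part of the original advisory and not devstack's own code: a shell check that detects a world-readable keystone.conf and removes access for other users, as the recommendation describes. The path is passed as an argument (the page does not give one), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on keystone.conf.
# Usage: sh check_conf.sh /path/to/keystone.conf   (path is an assumption)

# Succeeds (0) when the "other" read bit is set on the file.
# find -perm tests the mode bits themselves, so the result is the
# same whether the check runs as root or as an unprivileged user.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -0004 2>/dev/null)" ]
}

# Remove all access for "other" and verify the result.
# Returns 0 when the file ends up not world-readable,
# 1 when tightening failed, 2 when the file does not exist.
restrict_conf() {
    conf="$1"
    if [ ! -f "$conf" ]; then
        echo "missing: $conf" >&2
        return 2
    fi
    if is_world_readable "$conf"; then
        echo "world-readable, tightening: $conf"
        # Owner and group bits are left alone so the service account
        # keeps working; review group membership separately.
        chmod o-rwx "$conf" || return 1
    fi
    if is_world_readable "$conf"; then
        echo "still world-readable: $conf" >&2
        return 1
    fi
    echo "ok: $conf"
}

# Run against the file named on the command line, if any.
if [ "$#" -gt 0 ]; then
    restrict_conf "$1"
fi
```

Secrets that were readable before the change should be treated as exposed and rotated after the permissions are tightened.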

Weakness Enumeration

Related Identifiers

CVE-2013-1977

Affected Products

Openstack Devstack