{"id":"PYSEC-2013-40","details":"OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.","modified":"2025-10-09T05:20:16.705652Z","published":"2013-05-21T18:55:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"WEB","url":"https://bugs.launchpad.net/ossn/+bug/1168252"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0806.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/04/24/1"},{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1172195"},{"type":"WEB","url":"http://www.securityfocus.com/bid/59411"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/04/24/2"},{"type":"FIX","url":"https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/keystone","events":[{"introduced":"0"},{"fixed":"c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["12.0.2","12.0.3","13.0.2","13.0.3","13.0.4","14.0.0","14.0.1","14.1.0","14.2.0","15.0.0","15.0.0.0rc1","15.0.0.0rc2","15.0.1","16.0.0","16.0.0.0rc1","16.0.0.0rc2","16.0.1","16.0.2","17.0.0","17.0.0.0rc1","17.0.0.0rc2","17.0.1","18.0.0","18.0.0.0rc1","18.1.0","19.0.0","19.0.0.0rc1","19.0.0.0rc2","19.0.1","20.0.0","20.0.0.0rc1","20.0.1","21.0.0","21.0.0.0rc1","21.0.1","22.0.0","22.0.0.0rc1","22.0.1","22.0.2","23.0.0","23.0.0.0rc1","23.0.1","23.0.2","24.0.0","24.0.0.0rc1","25.0.0","25.0.0.0rc1","26.0.0","26.0.0.0rc1","24.1.0","27.0.0","27.0.0.0rc1","28.0.0","28.0.0.0rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2013-40.yaml"}}],"schema_version":"1.7.3"}