The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-10-08T19:00:00
Updated: 2024-08-06T12:40:19.265Z
Reserved: 2014-09-29T00:00:00
Link: CVE-2014-7231
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-10-08T19:55:04.500
Modified: 2024-11-21T02:16:34.520
Link: CVE-2014-7231
Redhat