CVE-2013-2013 Information

Description

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the –password argument which allows local users to obtain sensitive information by listing the process.

Reference

http://www.openwall.com/lists/oss-security/2013/05/23/4 https://bugs.launchpad.net/python-keystoneclient/+bug/938315 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16937