Skip to main content

Insufficiently Protected Credentials

CVE-2022-0718

Severity Medium
Score 4.9/10

Summary

A flaw was found in python-oslo-utils versions through 4.6.0, 4.7.0 through 4.8.0, 4.9.0 through 4.10.0 and 4.11.0 through 4.12.0. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • HIGH
  • HIGH
  • NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Advisory Timeline

  • Published