| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| python-keystoneclient | pip | < 0.2.4 | 0.2.4 |

The vulnerability stems from the password being passed as a CLI argument. The pre-patch version of `do_user_password_update` enforced `--pass` as required (`required=True`), exposing passwords via process listings. The patch modified `do_user_password_update` to make `--pass` optional and added interactive prompting. The function's direct use of `args.passwd` without secure input handling confirms its role in the vulnerability.
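
A minimal model of the flaw and the fix described above, as an added example and not python-keystoneclient's own code. The parser layout, the helpers `resolve_password` and `argv_exposes`, the prompt strings and the retry count are assumptions for illustration; only `--pass`, `args.passwd` and `required=True` come from the advisory text.

```python
import argparse
import getpass


def build_parser(require_pass):
    """require_pass=True models the pre-patch option; False models the patched one."""
    parser = argparse.ArgumentParser(prog="user-password-update")
    # "pass" is a Python keyword, so the value is stored as args.passwd.
    parser.add_argument("--pass", metavar="<password>", dest="passwd",
                        required=require_pass, help="New password")
    parser.add_argument("user", metavar="<user>")
    return parser


def resolve_password(args, prompt=getpass.getpass, max_tries=3):
    """Return args.passwd if given, else prompt without echo and confirm it."""
    if args.passwd is not None:
        return args.passwd  # caller opted in; the value is still in argv
    for _ in range(max_tries):  # retry count is an assumption
        first = prompt("New Password: ")
        second = prompt("Repeat New Password: ")
        if first and first == second:
            return first
    raise SystemExit("unable to confirm new password")


def argv_exposes(argv, secret):
    """True if the secret is in argv, which ps and /proc/<pid>/cmdline expose."""
    return any(secret in arg for arg in argv)


if __name__ == "__main__":
    secret = "constructed-example-pw"        # constructed sample value
    old_argv = ["--pass", secret, "alice"]   # only form the pre-patch parser accepts
    new_argv = ["alice"]                     # patched form: no secret on the command line
    typed = iter([secret, secret])           # stands in for keyboard input
    args = build_parser(False).parse_args(new_argv)
    assert resolve_password(args, prompt=lambda _: next(typed)) == secret
    print("pre-patch argv exposes secret:", argv_exposes(old_argv, secret))
    print("patched argv exposes secret:  ", argv_exposes(new_argv, secret))
```

Passing `--pass` to the patched parser still places the secret in the process arguments, so the interactive path is the one that keeps it out of process listings.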