Beyond Security Blog

OpenShift Container Platform Cleartext Storage of Sensitive Information Vulnerability


A flaw was found in OpenShift Container Platform in which OAuth tokens are not encrypted even when encryption of data at rest is enabled.


The information has been provided by Stefan Schimanski.

The original article can be found at:


This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours, the OAuth tokens are no longer valid.

Vulnerable Systems:

OpenShift Container Platform

CVE Information:


Disclosure Timeline:
Published Date: 5/12/2020

