Lucene search
MitreCVELIST:CVE-2021-38155HistoryAug 06, 2021 - 12:00 a.m.
CVE-2021-38155
2021-08-0600:00:00
mitre
www.cve.org
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account’s corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.
Related
debiancve
debiancve
CVE-2021-38155
2021-08-06 21:15:06
prion
prion
Information disclosure
2021-08-06 21:15:00
nvd
nvd
CVE-2021-38155
2021-08-06 21:15:06
github
github
OpenStack Keystone allows information disclosure during account locking
2022-05-24 19:10:15
cve
cve
CVE-2021-38155
2021-08-06 21:15:06
ubuntucve
ubuntucve
CVE-2021-38155
2021-08-06 00:00:00
osv
osv
CVE-2021-38155
2021-08-06 21:15:06
keystone - security update
2024-01-21 00:00:00
debian
debian
[SECURITY] [DLA 3714-1] keystone security update
2024-01-21 21:45:45
nessus
nessus
Debian dla-3714 : keystone - security update
2024-01-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3714-1)
2024-01-22 00:00:00