Lucene search
PRIOn knowledge basePRION:CVE-2017-16613HistoryNov 21, 2017 - 1:29 p.m.
Authentication flaw
2017-11-2113:29:00
PRIOn knowledge base
www.prio-n.com
4
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
Related
osv
osv
PYSEC-2017-84
2017-11-21 13:29:00
CVE-2017-16613
2017-11-21 13:29:00
swauth - security update
2017-11-21 00:00:00
ubuntucve
ubuntucve
CVE-2017-16613
2017-11-21 00:00:00
nessus
nessus
Debian DSA-4044-1 : swauth - security update
2017-11-22 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4044-1)
2017-11-20 00:00:00
veracode
veracode
Authentication Bypass
2017-11-22 00:40:17
github
github
OpenStack Swauth object/proxy server writing Auth Token to log file
2022-05-17 00:16:14
debian
debian
[SECURITY] [DSA 4044-1] swauth security update
2017-11-21 16:10:09
cvelist
cvelist
CVE-2017-16613
2017-11-21 13:00:00
debiancve
debiancve
CVE-2017-16613
2017-11-21 13:29:00
nvd
nvd
CVE-2017-16613
2017-11-21 13:29:00
cve
cve
CVE-2017-16613
2017-11-21 13:29:00