A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 (V4) process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access.