SUSE CVE-2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:1089-1)

This update of openstack-keystone fixes two security vulnerabilities. - Add CVE-2013-2104.patch: fix missing expiration check in Keystone PKI token validation CVE-2013-2104, bnc821201 - Add CVE-2013-2157.patch: fix authentication bypass when using LDAP backend CVE-2013-2157, bnc823783 %NASLMINLEV...

CVE-2013-2104

CVE-2013-2104 affects Python-keystoneclient = 0.2.4) as part of OpenStack/Keystone updates; multiple advisories reference this fix (e.g., RHSA-2013:0944, openSUSE/SUSE patches). Technical details and affected environments are corroborated across Nessus, OSV, and OSV.DEBIAN entries in the connecte...

CVE-2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

Fedora Update for python-keystoneclient FEDORA-2013-14302

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 19 : python-keystoneclient-0.2.3-7.fc19 (2013-14302)

Selective backports from stable/grizzly : - Ec2Signer: Initial support for v4 signature verification. - Allow signature verification for older boto versions. - Default signingdir to secure temp dir. - Fix memcache encryption middleware. CVE-2013-2166, CVE-2013-2167 - Check token expiry...

Fedora Update for openstack-keystone FEDORA-2013-10713

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 18 : openstack-keystone-2012.2.4-5.fc18 (2013-10713)

authtoken: Check token expiry CVE-2013-2104 Force simple Bind for authentication CVE-2013-2157 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...

Ubuntu: Security Advisory (USN-1875-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[USN-1875-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1875-1 June 14, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

USN-1875-1: OpenStack Keystone vulnerabilities

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...

Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-1875-1)

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...

Moderate: Red Hat Security Advisory: python-keystoneclient security and bug fix update

Updated python-keystoneclient packages that fix one security issue and multiple bugs are now available for Red Hat OpenStack 3.0 Grizzly Preview. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...