openstack-keystone: Authentication bypass when using LDAP backend

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

python-keystoneclient: middleware memcache encryption and signing bypass

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...

OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)

Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台，帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞，允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...

Ubuntu Update for keystone USN-1875-1

Check for the Version of keystone OpenVAS Vulnerability Test $Id: gbubuntuUSN18751.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for keystone USN-1875-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Ubuntu: Security Advisory (USN-1875-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[USN-1875-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1875-1 June 14, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

USN-1875-1: OpenStack Keystone vulnerabilities

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...

Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-1875-1)

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...

CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

Keystone: Missing expiration check in Keystone PKI token validation

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

Ubuntu: Security Advisory (USN-1851-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 13.04 : python-keystoneclient vulnerability (USN-1851-1)

Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens the default in Ubuntu 13.04, a previously authenticated user could continue to use a PKI token for longer than...

CVE-2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

Fedora 19 : openstack-keystone-2013.1.1-1.fc19 (2013-8023)

First stable Grizzly update 2013.1.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...

[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.1-1.fc19

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Fedora Update for openstack-keystone FEDORA-2013-8048

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-8048 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Fedora Update for openstack-keystone FEDORA-2013-8048

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Fedora 18 : openstack-keystone-2012.2.4-3.fc18 (2013-8048)

Revoke tokens on user delete CVE-2013-2059 - authtoken: Securely create signingdir CVE-2013-2030 - avoid potential disclosure in log files and restrict /var/log/keystone/ CVE-2013-2006 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CVE-2013-2006

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...