
1543 matches found

Veracode
added 2019/01/15 8:59 a.m. | 22 views

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists as OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows...

CVSS 5 | AI score 6.1 | EPSS 0.01747
Exploits 1 | References 10 | Affected Software 1
Veracode
added 2019/01/15 8:57 a.m. | 21 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by...

CVSS 6 | AI score 6.5 | EPSS 0.02308
Exploits 1 | References 8 | Affected Software 1
Veracode
added 2019/01/15 8:56 a.m. | 25 views

Denial Of Service (DoS)

openstack-keystone is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token...

CVSS 5 | AI score 5.8 | EPSS 0.03243
Exploits 0 | References 10 | Affected Software 1
Veracode
added 2019/01/15 8:55 a.m. | 25 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain...

CVSS 3.3 | AI score 6.3 | EPSS 0.00444
Exploits 1 | References 6 | Affected Software 1
Veracode
added 2019/01/15 8:55 a.m. | 30 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain...

CVSS 5.8 | AI score 6.7 | EPSS 0.02239
Exploits 2 | References 10 | Affected Software 1
Veracode
added 2019/01/15 8:55 a.m. | 21 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass attacks. The vulnerability exists as OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVSS 4.3 | AI score 6.3 | EPSS 0.03128
Exploits 0 | References 6 | Affected Software 1
Veracode
added 2019/01/15 8:55 a.m. | 22 views

Authorization Bypass

python-keystoneclient is vulnerable to authorization bypass. An attacker with direct write access to the memcache backend is able to insert malicious data and bypass the encryption to tamper with the encrypted data or modify data in memcached. Only setups that use memcache caching in the Keystone...

CVSS 9.8 | AI score 9.2 | EPSS 0.01764
Exploits 1 | References 13 | Affected Software 1
Veracode
added 2019/01/15 8:52 a.m. | 32 views

Information Disclosure

openstack-keystone is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log...

CVSS 2.1 | AI score 5.4 | EPSS 0.00602
Exploits 0 | References 13 | Affected Software 1
Veracode
added 2019/01/15 8:52 a.m. | 23 views

Improper Invalidation Of Token

openstack-keystone is vulnerable to access bypass attacks. The vulnerability exists as the memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not inclu...

CVSS 5 | AI score 6 | EPSS 0.01367
Exploits 1 | References 8 | Affected Software 1
Veracode
added 2019/01/15 8:51 a.m. | 26 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. This is due to the way PKI tokens are revoked, which allows users with revoked tokens to retain access to resources that should no longer be accessible...

CVSS 5 | AI score 6.2 | EPSS 0.03009
Exploits 0 | References 12 | Affected Software 1
Veracode
added 2019/01/15 8:51 a.m. | 18 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. Access to the web and network interfaces is permitted using chained tokens even after the linked tokens have expired, granting an attacker continued access to the OpenStack services...

CVSS 4 | AI score 6.2 | EPSS 0.0284
Exploits 0 | References 14 | Affected Software 1
Veracode
added 2019/01/15 8:51 a.m. | 26 views

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass. This is due to the way users are removed from tenants when using Amazon EC2 credentials. Users retain privileges after being removed from tenants and will still be able to access resources which would not have been permitted...

CVSS 2.1 | AI score 6 | EPSS 0.00341
Exploits 0 | References 8 | Affected Software 1
CNVD
added 2018/12/19 12:0 a.m. | 3 views

OpenStack Keystone Information Disclosure Vulnerability (CNVD-2018-25881)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Keystone is one of the projects used for authentication, providing identity, token, directory, and policy services. A security vulnerability...

CVSS 5.3 | AI score 6.8 | EPSS 0.0111
Exploits 1 | References 1
UbuntuCve
added 2018/12/17 7:29 a.m. | 33 views

CVE-2018-20170

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...

CVSS 5.3 | AI score 6.1 | EPSS 0.0111
Exploits 1 | References 2
PyPA
added 2018/12/17 7:29 a.m. | 8 views

PYSEC-2018-9

DISPUTED OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should ha...

CVSS 5.3 | AI score 7 | EPSS 0.0111
Exploits 1 | References 1 | Affected Software 1
Prion
added 2018/12/17 7:29 a.m. | 24 views

Design/Logic Flaw

DISPUTED OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should ha...

CVSS 5 | AI score 5.3 | EPSS 0.0111
Exploits 1 | References 1 | Affected Software 1
NVD
added 2018/12/17 7:29 a.m. | 14 views

CVE-2018-20170

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...

CVSS 5.3 | AI score 5.3 | EPSS 0.0111
Exploits 1 | References 1
OSV
added 2018/12/17 7:29 a.m. | 19 views

PYSEC-2018-9

DISPUTED OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should ha...

CVSS 5.3 | AI score 1.3 | EPSS 0.0111
Exploits 1 | References 1
OSV
added 2018/12/17 7:29 a.m. | 2 views

UBUNTU-CVE-2018-20170

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...

CVSS 5.3 | AI score 6.1 | EPSS 0.0111
Exploits 1 | References 3
OSV
added 2018/12/17 7:29 a.m. | 7 views

CVE-2018-20170

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...

CVSS 5.3 | AI score 5.3
Exploits 0 | References 1