RHEL 6 : openstack-keystone (RHSA-2014:0089)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0089 advisory. The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token,...

OpenStack Keystone allows context-dependent attackers to bypass access restrictions

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

Moderate: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

[USN-2061-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-2061-1 December 19, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

OpenStack Keystone EC2-style令牌校验特权提升漏洞

Bugtraq ID:64253 CVE ID:CVE-2013-6391 Keystone是Openstack中用于身份验证的项目，任何服务请求需要经过它的验证获得服务的endpoint。 OpenStack Keystone在使用trust-scoped令牌生成EC2验证凭据时ec2tokens API存在一个安全漏洞，允许远程利用漏洞访问其他受限委托人角色trustor's roles，提升权限。 要成功利用漏洞需要应用启用了EC2-style验证。 0 OpenStack Keystone 2013.x...

OpenStack Keystone 验证绕过漏洞(CVE-2013-0282)

CVE ID:CVE-2013-0282 OpenStack Keystone为OpenStack系列计划提供身份、令牌、目录和策略服务的项目。 在使用EC2-Style验证时OpenStack Keystone Grizzly，Folsom, Essex没有正确检查用户，租户或域是否启用，允许远程攻击者利用漏洞绕过访问限制。 仅设置了启用EC2-Style验证的系统受此漏洞影响。 0 OpenStack Keystone Grizzly 2013.1之前版本 OpenStack Keystone Folsom 2012.1.3之前版本 OpenStack Keystone Essex...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

Authentication flaw

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0282

CVE-2013-0282 affects OpenStack Keystone (Grizzly 2013.1, Folsom 2012.1.3, Essex). The root cause is that EC2-style authentication did not properly verify that the (1) user, (2) tenant, or (3) domain is enabled, enabling context-dependent attackers to bypass access restrictions. Public documents ...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

Fedora 17 : openstack-keystone-2012.1.3-3.fc17 (2012-19341)

EC2-style credentials invalidation issue CVE-2012-5571 - Fix /etc/keystone directory permission CVE-2012-5483 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...

Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1641-1)

Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...

USN-1641-1: OpenStack Keystone vulnerabilities

Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...