RHEL 6 : openstack-keystone (RHSA-2013:1285)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1285 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...

Malicious code in kvs_availability_tool_registration_code_crack_work_zj (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fc7a5cc09fe5fe0b8ab8a1d0956c0e8a7aad8a2ab6b582905796a1c333d67dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ss.kvsindia.in Cross Site Scripting vulnerability OBB-1441780

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists as the 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remot...

USN-2002-1: Keystone vulnerabilities

Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. CVE-2013-4222 Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when...

OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends

The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

Moderate: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

DEBIAN-CVE-2013-4294

The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...