87 matches found
GHSA-P9WQ-MJH8-Q72M OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct...
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
A context confusion vulnerability was identified in Keystone authtoken middleware shipped in python-keystoneclient before 0.7.0. By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete...
CVE-2013-2166
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
CVE-2013-2166
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
PYSEC-2019-197
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
CVE-2013-2166
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
CVE-2013-2166
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
PT-2019-6881 · Openstack · Python-Keystoneclient
Name of the Vulnerable Software and Affected Versions: python-keystoneclient versions 0.2.3 through 0.2.5
Description: The issue concerns a middleware memcache encryption bypass in the python-keystoneclient. No information is provided about the estimated number of potentially affected devices or...
Encryption And Signing Bypass
python-keystoneclient is vulnerable to Encryption and Signing Bypass. A flaw was found in the way python-keystoneclient verified data from memcached. Even when the memcache_security_strategy setting in /etc/swift/proxy-server.conf was set to MAC to perform signature checking, an attacker on the loc...
Man-in-the-Middle (MitM) Attacks
The s3token middleware in python-keystoneclient is vulnerable to man-in-the-middle attacks. This vulnerability is caused when python-keystoneclient disables certificate verification when the "insecure" option is set in a paste.ini file regardless of the value...
Failure In Verification Of PKI Token Expiry
There is a flaw in python-keystoneclient which does not verify the expiry of PKI tokens. It allows an authenticated user to use a token or even a revoked token after its expiry...
[USN-2705-1] Keystone vulnerabilities
Ubuntu Security Notice USN-2705-1, August 06, 2015: python-keystoneclient, python-keystonemiddleware vulnerabilities. A security issue affects these...
SUSE-SU-2015:1434-1 Security update for python modules
This update provides the following fixes for various python-modules: - python-openstackclient: + Fix image create location attribute bnc932270 - python-novaclient: + Update novaclient shell to use shared arguments from Session + Support using the Keystone V3 API from the Nova CLI -...
Ubuntu: Security Advisory (USN-2705-1)
The remote host is missing an update for the...
SUSE-SU-2015:1208-1 Security update for python-keystoneclient
The python-keystoneclient was updated to fix one security issue. The following vulnerability was fixed: - bsc928205: S3Token TLS cert verification option not honored CVE-2015-1852...