87 matches found
OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)
Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞,允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...
Keystone: Missing expiration check in Keystone PKI token validation
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
Ubuntu 13.04 : python-keystoneclient vulnerability (USN-1851-1)
Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens the default in Ubuntu 13.04, a previously authenticated user could continue to use a PKI token for longer than...
Ubuntu Update for python-keystoneclient USN-1851-1
Check for the Version of python-keystoneclient OpenVAS Vulnerability Test $Id: gbubuntuUSN18511.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for python-keystoneclient USN-1851-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net...
Ubuntu: Security Advisory (USN-1851-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1851-1: python-keystoneclient vulnerability
Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens the default in Ubuntu 13.04, a previously authenticated user could continue to use a PKI token for longer than...
CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...