CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
openstack-keystone is vulnerable to authentication bypass. Access to the web and network interfaces is permitted using chained tokens even after the linked tokens have expired, granting an attacker continued access to the OpenStack services.
rhn.redhat.com/errata/RHSA-2012-1557.html
secunia.com/advisories/51423
secunia.com/advisories/51436
www.openwall.com/lists/oss-security/2012/11/28/5
www.openwall.com/lists/oss-security/2012/11/28/6
www.securityfocus.com/bid/56727
www.ubuntu.com/usn/USN-1641-1
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/keystone/+bug/1079216
bugzilla.redhat.com/show_bug.cgi?id=883829
exchange.xforce.ibmcloud.com/vulnerabilities/80370
github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681