Veracode Vulnerability DatabaseVERACODE:10996Authorization Bypass
0.003 Low
EPSS
Percentile
68.2%
python-keystoneclient is vulnerable to authorization bypass. An attacker with direct write access to the memcache backend is able to insert malicious data and bypass the encryption to tamper the encrypted data or modify data in memcached. Only setups that use memcache caching in the Keystone middleware and ENCRYPT or MAC as the memcache_security_strategy are affected.
References
lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html
rhn.redhat.com/errata/RHSA-2013-0992.html
www.openwall.com/lists/oss-security/2013/06/19/5
www.securityfocus.com/bid/60684
access.redhat.com/errata/RHSA-2013:0992
access.redhat.com/security/cve/cve-2013-2166
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=971026
bugzilla.redhat.com/show_bug.cgi?id=974271
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166
bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166
rhn.redhat.com/errata/RHSA-2013-0992.html
security-tracker.debian.org/tracker/CVE-2013-2166
Related
