Authentication Bypass

2019-01-1508:55:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

openstack-keystone is vulnerable to authentication bypass attacks. The vulnerability exists as OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

CPENameOperatorVersion
openstack-keystoneeq2012.2.3__7.el6ost
openstack-keystoneeq2012.2.3__4.el6ost
openstack-keystoneeq2012.2.3__8.el6ost
openstack-keystoneeq2012.2.1__3.el6ost
openstack-keystoneeq2012.2__6.el6
openstack-keystoneeq2012.2.3__3.el6ost
openstack-keystoneeq2012.1.3__3.el6
openstack-keystoneeq2012.2.1__1.el6ost
openstack-keystoneeq2013.1.1__1.el6ost
openstack-keystoneeq2012.1.2__4.el6

Name	Operator	Version
openstack-keystone	eq	2012.2.3__7.el6ost
openstack-keystone	eq	2012.2.3__4.el6ost
openstack-keystone	eq	2012.2.3__8.el6ost
openstack-keystone	eq	2012.2.1__3.el6ost
openstack-keystone	eq	2012.2__6.el6
openstack-keystone	eq	2012.2.3__3.el6ost
openstack-keystone	eq	2012.1.3__3.el6
openstack-keystone	eq	2012.2.1__1.el6ost
openstack-keystone	eq	2013.1.1__1.el6ost
openstack-keystone	eq	2012.1.2__4.el6