Lucene search
Veracode Vulnerability DatabaseVERACODE:11317HistoryJan 15, 2019 - 9:00 a.m.
Authentication Bypass
2019-01-1509:00:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
EPSS
0.002
Percentile
56.3%
openstack-keystone is vulnerable to authentication bypass. Remote authenticated users are able to retain access via an expired token due to the token driver storing timestamps with incorrect precision, which causes timestamp expiration time comparisons for tokens to fail.
References
rhn.redhat.com/errata/RHSA-2014-1121.html
rhn.redhat.com/errata/RHSA-2014-1122.html
www.openwall.com/lists/oss-security/2014/08/15/6
www.ubuntu.com/usn/USN-2324-1
access.redhat.com/security/updates/classification/#low
bugs.launchpad.net/keystone/+bug/1347961
bugzilla.redhat.com/show_bug.cgi?id=1127421
launchpad.net/keystone/icehouse/2014.1.2
rhn.redhat.com/errata/RHSA-2014-1121.html
Related
ubuntucve
ubuntucve
CVE-2014-5251
2014-08-15 00:00:00
cvelist
cvelist
CVE-2014-5251
2014-08-25 14:00:00
debiancve
debiancve
CVE-2014-5251
2014-08-25 14:55:07
prion
prion
Code injection
2014-08-25 14:55:00
github
github
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
2022-05-17 04:31:12
nvd
nvd
CVE-2014-5251
2014-08-25 14:55:07
cve
cve
CVE-2014-5251
2014-08-25 14:55:07
redhat
redhat
(RHSA-2014:1121) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
(RHSA-2014:1122) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)
2014-08-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2324-1)
2014-08-22 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2014-08-21 00:00:00
securityvulns
securityvulns
[USN-2324-1] OpenStack Keystone vulnerabilities
2014-08-24 00:00:00