Authentication Bypass

🗓️ 15 Jan 2019 09:00:07Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 23 Views

openstack-keystone vulnerable to authentication bypass due to incorrect timestamp precisio

Reporter	Title	Published	Views	Family All 26
CVE	CVE-2014-5251	25 Aug 201414:00	–	cve
Cvelist	CVE-2014-5251	25 Aug 201414:00	–	cvelist
Debian CVE	CVE-2014-5251	25 Aug 201414:00	–	debiancve
EUVD	EUVD-2014-0027	7 Oct 202500:30	–	euvd
Github Security Blog	OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events	17 May 202204:31	–	github
NVD	CVE-2014-5251	25 Aug 201414:55	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-2324-1)	22 Aug 201400:00	–	openvas
OSV	DEBIAN-CVE-2014-5251	25 Aug 201414:55	–	osv
OSV	GHSA-GMVP-5RF9-MXCM OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events	17 May 202204:31	–	osv
OSV	PYSEC-2014-107	25 Aug 201414:55	–	osv

Vulners

Node

openstack-keystone openstack-keystoneMatch13.0.1_1.el7

openstack-keystone openstack-keystoneMatch13.0.0_0.2.0rc2.el7

openstack-keystone openstack-keystoneMatch12.0.0_1.el7

openstack-keystone openstack-keystoneMatch12.0.1_1.el7

openstack-keystone openstack-keystoneMatch11.0.3_1.el7

openstack-keystone openstack-keystoneMatch13.0.0_1.el7

openstack-keystone openstack-keystoneMatch14.0.0_1.el7

openstack-keystone openstack-keystoneMatch14.0.0_2.el7

openstack-keystone openstack-keystoneMatch14.0.0_0.2.0rc2.el7

openstack-keystone openstack-keystoneMatch2014.1.1_1.el7ost

openstack-keystone openstack-keystoneMatch11.0.4_1.el7

openstack-keystone openstack-keystoneMatch2013.2.3_8.el6ost

openstack-keystone openstack-keystoneMatch2013.2_3.el6ost

openstack-keystone openstack-keystoneMatch2012.2.3_3.el6ost

openstack-keystone openstack-keystoneMatch2013.1.1_1.el6ost

openstack-keystone openstack-keystoneMatch2012.1.3_3.el6

openstack-keystone openstack-keystoneMatch2013.1.5_2.el6ost

openstack-keystone openstack-keystoneMatch2013.2.3_7.el6ost

openstack-keystone openstack-keystoneMatch2013.2.3_4.el6ost

openstack-keystone openstack-keystoneMatch2012.2.1_3.el6ost

openstack-keystone openstack-keystoneMatch2012.2.4_2.el6ost

openstack-keystone openstack-keystoneMatch2013.1.4_2.el6ost

openstack-keystone openstack-keystoneMatch2012.2_6.el6

openstack-keystone openstack-keystoneMatch2013.1.3_2.el6ost

openstack-keystone openstack-keystoneMatch2013.2.1_1.el6ost

openstack-keystone openstack-keystoneMatch2014.1.1_1.el6ost

openstack-keystone openstack-keystoneMatch2013.2.2_1.el6ost

openstack-keystone openstack-keystoneMatch2013.1.4_1.el6ost

openstack-keystone openstack-keystoneMatch2012.2.3_4.el6ost

openstack-keystone openstack-keystoneMatch2012.2.1_1.el6ost

openstack-keystone openstack-keystoneMatch2012.2.3_7.el6ost

openstack-keystone openstack-keystoneMatch2012.1.1_1.el6

openstack-keystone openstack-keystoneMatch2013.1.3_1.el6ost

openstack-keystone openstack-keystoneMatch2012.2.4_3.el6ost

openstack-keystone openstack-keystoneMatch2013.1.2_2.el6ost

openstack-keystone openstack-keystoneMatch2012.1.2_4.el6

openstack-keystone openstack-keystoneMatch2012.2.3_8.el6ost

openstack-keystone openstack-keystoneMatch2013.1.5_3.el6ost

Source	Link
launchpad	www.launchpad.net/keystone/icehouse/2014.1.2
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
rhn	www.rhn.redhat.com/errata/RHSA-2014-1121.html
access	www.access.redhat.com/security/updates/classification/
bugs	www.bugs.launchpad.net/keystone/+bug/1347961
openwall	www.openwall.com/lists/oss-security/2014/08/15/6
rhn	www.rhn.redhat.com/errata/RHSA-2014-1121.html
rhn	www.rhn.redhat.com/errata/RHSA-2014-1122.html
ubuntu	www.ubuntu.com/usn/USN-2324-1

15 May 2019 06:18Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.9

EPSS0.0031