python-keystoneclient is vulnerable to remote authenticated users gaining privileges. The auth_token middleware doesn’t correctly retrieve user tokens from memcache, allowing remote authenticated users to gain privileges by issuing a large number of requests.