openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as the V3 API updates the issued_at value for UUID v2 tokens, and allows authenticated users to bypass the token expiration to retain access.
rhn.redhat.com/errata/RHSA-2014-1121.html
rhn.redhat.com/errata/RHSA-2014-1122.html
www.openwall.com/lists/oss-security/2014/08/15/6
www.ubuntu.com/usn/USN-2324-1
access.redhat.com/security/updates/classification/#low
bugs.launchpad.net/keystone/+bug/1348820
bugzilla.redhat.com/show_bug.cgi?id=1127421
launchpad.net/keystone/icehouse/2014.1.2
rhn.redhat.com/errata/RHSA-2014-1121.html