Lucene search
Veracode Vulnerability DatabaseVERACODE:16095HistoryMay 02, 2019 - 5:11 a.m.
Authentication Bypass
2019-05-0205:11:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
54.0%
openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as the V3 API updates the issued_at value for UUID v2 tokens, and allows authenticated users to bypass the token expiration to retain access.
References
rhn.redhat.com/errata/RHSA-2014-1121.html
rhn.redhat.com/errata/RHSA-2014-1122.html
www.openwall.com/lists/oss-security/2014/08/15/6
www.ubuntu.com/usn/USN-2324-1
access.redhat.com/security/updates/classification/#low
bugs.launchpad.net/keystone/+bug/1348820
bugzilla.redhat.com/show_bug.cgi?id=1127421
launchpad.net/keystone/icehouse/2014.1.2
rhn.redhat.com/errata/RHSA-2014-1121.html
Related
debiancve
debiancve
CVE-2014-5252
2014-08-25 14:55:07
ubuntucve
ubuntucve
CVE-2014-5252
2014-08-15 00:00:00
cve
cve
CVE-2014-5252
2014-08-25 14:55:07
prion
prion
Cross site request forgery (csrf)
2014-08-25 14:55:00
nvd
nvd
CVE-2014-5252
2014-08-25 14:55:07
github
github
cvelist
cvelist
CVE-2014-5252
2014-08-25 14:00:00
redhat
redhat
(RHSA-2014:1121) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
(RHSA-2014:1122) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2014-08-21 00:00:00
securityvulns
securityvulns
[USN-2324-1] OpenStack Keystone vulnerabilities
2014-08-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2324-1)
2014-08-22 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)
2014-08-22 00:00:00