openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as it does not properly revoke tokens when a domain is invalidated.
rhn.redhat.com/errata/RHSA-2014-1121.html
rhn.redhat.com/errata/RHSA-2014-1122.html
www.openwall.com/lists/oss-security/2014/08/15/6
www.ubuntu.com/usn/USN-2324-1
access.redhat.com/security/updates/classification/#low
bugs.launchpad.net/keystone/+bug/1349597
bugzilla.redhat.com/show_bug.cgi?id=1127421
launchpad.net/keystone/icehouse/2014.1.2
rhn.redhat.com/errata/RHSA-2014-1121.html