Lucene search
Veracode Vulnerability DatabaseVERACODE:25206HistoryMay 08, 2020 - 5:36 a.m.
Man-in-the-Middle (MitM)
2020-05-0805:36:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
38.1%
openstack keystone is vulnerable to man-in-the-middle attack. Lack of signature TTL check to verify the timestamp in the AWS Signature V4 token signature allows an attacker to sniff an Authorization header in a man-in-the-middle attack and reuse the header to reissue openstack tokens.
References
www.openwall.com/lists/oss-security/2020/05/07/1
bugs.launchpad.net/keystone/+bug/1872737
github.com/openstack/keystone/commit/9a9022600e01ea09131cf194ffa5c1757ffeb24f
opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
security.openstack.org/ossa/OSSA-2020-003.html
usn.ubuntu.com/4480-1/
www.openwall.com/lists/oss-security/2020/05/06/4
Related
debiancve
debiancve
CVE-2020-12692
2020-05-07 00:15:10
nvd
nvd
CVE-2020-12692
2020-05-07 00:15:10
redhatcve
redhatcve
CVE-2020-12692
2020-05-08 00:09:51
cvelist
cvelist
CVE-2020-12692
2020-05-06 23:42:42
github
github
ubuntucve
ubuntucve
CVE-2020-12692
2020-05-07 00:00:00
osv
osv
CVE-2020-12692
2020-05-07 00:15:10
PYSEC-2020-56
2020-05-07 00:15:00
prion
prion
Authorization
2020-05-07 00:15:00
cve
cve
CVE-2020-12692
2020-05-07 00:15:10
redhat
redhat
(RHSA-2020:2732) Important: openstack-keystone security update
2020-06-24 12:25:05
(RHSA-2020:3105) Important: openstack-keystone security update
2020-07-22 12:28:32
(RHSA-2020:3102) Important: openstack-keystone security update
2020-07-22 12:24:32
nessus
nessus
RHEL 7 : openstack-keystone (RHSA-2020:2732)
2020-06-24 00:00:00
RHEL 8 : openstack-keystone (RHSA-2020:3105)
2020-07-22 00:00:00
Ubuntu 18.04 LTS : OpenStack Keystone vulnerabilities (USN-4480-1)
2020-09-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4480-1)
2020-09-02 00:00:00
Debian: Security Advisory (DSA-4679-1)
2020-05-08 00:00:00
ibm
ibm
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2020-09-01 00:00:00