|
|
Subscribe / Log in / New account

keystone: revocation check bypass

Package(s):keystone CVE #(s):CVE-2013-1865
Created:March 21, 2013 Updated:April 9, 2013
Description:

From the Ubuntu advisory:

Guang Yee discovered that Keystone would not always perform all verification checks when configured to use PKI. If the keystone server was configured to use PKI and services or users requested online verification, an attacker could potentially exploit this to bypass revocation checks. Keystone uses UUID tokens by default in Ubuntu.

Alerts:
Red Hat RHSA-2013:0708-01 openstack-keystone 2013-04-04
openSUSE openSUSE-SU-2013:0565-1 openstack-keystone 2013-04-02
Ubuntu USN-1772-1 keystone 2013-03-20
Fedora FEDORA-2013-4590 openstack-keystone 2013-04-08
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds