openstack-keystone: authentication bypass

Package(s): openstack-keystone
CVE #(s): CVE-2013-2157
Created: June 28, 2013
Updated: August 12, 2013

From the openSUSE bug report:

Jose Castro Leon from CERN reported a vulnerability in the way the Keystone LDAP backend authenticates users. When provided with an empty password, the backend would perform an anonymous LDAP bind that would result in successfully authenticating the user. An attacker could therefore easily impersonate and get valid tokens for any user. Only Keystone setups using LDAP authentication backend are affected.
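The failure mode described in the report, shown next to a guarded version. This is an added example, not Keystone's code or its patch; `FakeDirectory`, `authenticate_vulnerable`, `authenticate_hardened` and the sample DN and password are hypothetical, and the directory is a constructed stand-in for a server that accepts unauthenticated simple binds.

```python
# Added illustration: all names and data here are hypothetical/constructed.

class InvalidCredentials(Exception):
    """Raised when the directory refuses a simple bind."""


class FakeDirectory:
    """Constructed stand-in for an LDAP server that permits anonymous binds."""

    def __init__(self, users):
        self._users = users  # DN -> password (constructed sample data)

    def simple_bind(self, dn, password):
        # RFC 4513 sec. 5.1.2: a DN sent with an empty password is an
        # "unauthenticated bind". A server that allows it returns success
        # and leaves the session in an anonymous authorization state.
        if password == "":
            return "anonymous"
        if self._users.get(dn) != password:
            raise InvalidCredentials(dn)
        return dn


def authenticate_vulnerable(directory, dn, password):
    """Treats any successful bind as proof that the caller owns the DN."""
    try:
        directory.simple_bind(dn, password)
    except InvalidCredentials:
        return False
    return True


def authenticate_hardened(directory, dn, password):
    """Rejects empty passwords before binding and checks who was bound."""
    if not password:
        return False
    try:
        bound_as = directory.simple_bind(dn, password)
    except InvalidCredentials:
        return False
    return bound_as == dn


ALICE = "uid=alice,ou=people,dc=example,dc=org"   # constructed DN
SAMPLE = FakeDirectory({ALICE: "s3cret"})         # constructed directory
```

Refusing unauthenticated binds on the directory server as well gives a second layer in case an application in front of it omits the check.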

Distribution  Advisory                 Package             Date
Fedora        FEDORA-2013-10713        openstack-keystone  2013-08-09
Fedora        FEDORA-2013-10467        openstack-keystone  2013-07-20
Red Hat       RHSA-2013:1083-01        openstack-keystone  2013-07-16
Red Hat       RHSA-2013:0994-01        openstack-keystone  2013-06-27
openSUSE      openSUSE-SU-2013:1089-1  openstack-keystone  2013-06-27
