Token Expiration Flaw in OpenStack Keystone Affects Multiple Versions
CVE-2012-3426

Currently unrated

Key Information:

Vendor
OpenStack
CVE Published:
31 July 2012

Summary

OpenStack Keystone does not handle token expiration properly, and remote authenticated users can exploit this. An attacker can create new tokens via token chaining, use tokens linked to disabled accounts, or keep using tokens even after the account password has been changed. This enables unauthorized access and bypasses intended restrictions, posing a significant security risk to users relying on OpenStack deployments.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
