Token Expiration Issue in OpenStack Keystone by OpenStack
CVE-2012-5563

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 18 December 2012

Summary

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not implement token expiration correctly, which lets remote authenticated users circumvent the intended authorization controls. The vulnerability arises from token chaining, which allows the unauthorized generation of new tokens and can compromise system security. The issue is a regression of an earlier vulnerability, CVE-2012-3426, which makes addressing it in affected OpenStack environments more important.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
