Token Expiration Issue in OpenStack Keystone by OpenStack
CVE-2012-5563
Currently unrated
Summary
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions. The flaw lies in token chaining: an authenticated user can use it to create new tokens that should not have been issued. The issue is a regression of the earlier vulnerability CVE-2012-3426, which makes it important to address in affected OpenStack environments.