Token Expiration Issue in OpenStack Keystone by OpenStack
CVE-2012-5563

Currently unrated

Key Information:

Vendor: Openstack
Status: Folsom
Vendor: CVE Published:; 18 December 2012

Summary

OpenStack Keystone, utilized in OpenStack Folsom 2012.2, demonstrates a flaw in its implementation of token expiration, which permits remote authenticated users to circumvent designated authorization controls. This vulnerability arises from an issue with token chaining, allowing the unauthorized generation of new tokens and potentially compromising system security. This issue is a direct result of a regression linked to a previous vulnerability identified as CVE-2012-3426, heightening the importance of addressing this concern within the affected OpenStack environments.

References

http://rhn.redhat.com/errata/RHSA-2012-1557.html

vendor-advisoryx_refsource_REDHAT

http://www.openwall.com/lists/oss-security/2012/11/28/5

mailing-listx_refsource_MLIST

https://github.com/openstack/keystone/commit/38c7e46a640a...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 18, 2012
Vulnerability Reserved
Oct 24, 2012