Improper Revocation Check Vulnerability in OpenStack Keystone Folsom by OpenStack
CVE-2013-1865

Currently unrated

Key Information:

Vendor: Openstack
Status: Folsom
Vendor: CVE Published:; 22 March 2013

Summary

OpenStack Keystone Folsom (2012.2) suffers from improper handling of revocation checks for PKI tokens. This oversight allows remote attackers to exploit revoked tokens, effectively bypassing access restrictions and gaining unauthorized access. This vulnerability can compromise the integrity of access controls, posing a significant risk to systems relying on OpenStack for identity services. Users should consider updating to patched versions and implementing additional security measures to mitigate potential threats.

References

http://www.openwall.com/lists/oss-security/2013/03/20/13

mailing-listx_refsource_MLIST

http://secunia.com/advisories/52657

third-party-advisoryx_refsource_SECUNIA

http://lists.opensuse.org/opensuse-updates/2013-04/msg000...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Mar 22, 2013
Vulnerability Reserved
Feb 19, 2013