Token Expiry Vulnerability in OpenStack Keystone Client by OpenStack
CVE-2013-2104

Currently unrated

Key Information:

Vendor: Openstack
Status: Python-keystoneclient
Vendor: CVE Published:; 21 January 2014

Summary

The OpenStack Keystone Client prior to version 0.2.4 suffers from a flaw that compromises the expiration mechanism of PKI tokens. This vulnerability enables remote authenticated users to continue utilizing tokens even after their expiration or to use tokens that have been revoked. This lapse in security can result in unauthorized access to resources, necessitating immediate attention and remediation from affected users.

References

http://www.openwall.com/lists/oss-security/2013/05/28/7

mailing-listx_refsource_MLIST

http://www.ubuntu.com/usn/USN-1851-1

vendor-advisoryx_refsource_UBUNTU

http://rhn.redhat.com/errata/RHSA-2013-0944.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Jan 21, 2014
Vulnerability Reserved
Feb 19, 2013