CVE-2013-2104

Currently unrated

Key Information:

Vendor: Openstack
Status: Python-keystoneclient
Vendor: CVE Published:; 21 January 2014

Summary

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

References

http://www.openwall.com/lists/oss-security/2013/05/28/7

mailing-listx_refsource_MLIST

http://www.ubuntu.com/usn/USN-1851-1

vendor-advisoryx_refsource_UBUNTU

http://rhn.redhat.com/errata/RHSA-2013-0944.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Jan 21, 2014
Vulnerability Reserved
Feb 19, 2013