Authentication Bypass in OpenStack Keystone by Anonymous LDAP Binding
CVE-2013-2157
Currently unrated
Summary
The OpenStack Keystone service is vulnerable to an authentication bypass when configured to use LDAP with Anonymous binding. This flaw allows remote attackers to gain unauthorized access by submitting an empty password. Affected versions include Keystone Folsom, Grizzly before 2013.1.3, and Havana, posing a significant risk to systems utilizing these versions. It's crucial for administrators to update to fixed versions and employ secure configurations to mitigate this vulnerability.
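How an empty password becomes a successful bind, shown as an added example that is not Keystone's code: a constructed in-memory stand-in for an LDAP server that permits anonymous binds, with a naive caller beside a hardened one. All class names, function names and the sample directory entry are assumptions made for illustration.

```python
"""Simulated LDAP simple bind; constructed for illustration, no real directory involved."""


class InvalidCredentials(Exception):
    pass


# Constructed sample data: one directory entry and its password.
ALICE = "cn=alice,ou=Users,dc=example,dc=org"
DIRECTORY = {ALICE: "correct horse"}


class FakeLdapServer:
    """Hypothetical stand-in that follows RFC 4513 simple-bind semantics."""

    def __init__(self, allow_anonymous=True):
        self.allow_anonymous = allow_anonymous

    def simple_bind(self, dn, password):
        if password == "":
            # RFC 4513 section 5.1.2: a DN with an empty password is an
            # "unauthenticated bind". The DN is never verified and the
            # session is anonymous, yet the bind itself reports success.
            if self.allow_anonymous:
                return "anonymous"
            raise InvalidCredentials(dn)
        if DIRECTORY.get(dn) != password:
            raise InvalidCredentials(dn)
        return dn  # session is bound as the verified DN


def authenticate_naive(server, dn, password):
    """Flawed pattern: any bind that does not raise counts as a login."""
    try:
        server.simple_bind(dn, password)
        return True
    except InvalidCredentials:
        return False


def authenticate_hardened(server, dn, password):
    """Refuse empty credentials before binding, then confirm the bound identity."""
    if not dn or not password:
        return False
    try:
        return server.simple_bind(dn, password) == dn
    except InvalidCredentials:
        return False
```

With `allow_anonymous=False` the naive caller also rejects the empty password, which is why both the application-side check and the directory-side setting matter.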
References
Timeline
Vulnerability published
Vulnerability Reserved