Authentication Bypass in OpenStack Keystone by Anonymous LDAP Binding
CVE-2013-2157

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 20 August 2013

Summary

The OpenStack Keystone service is vulnerable to an authentication bypass when configured to use LDAP with Anonymous binding. This flaw allows remote attackers to gain unauthorized access by submitting an empty password. Affected versions include Keystone Folsom, Grizzly before 2013.1.3, and Havana, which poses a significant risk to systems running these versions. Administrators should update to fixed versions and employ secure configurations to mitigate this vulnerability.
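The sketch below is an added example, not Keystone's code: it shows why an empty password passes when the directory permits anonymous binding, next to one way to harden the check. `FakeDirectory`, both `authenticate_*` functions and the sample user are hypothetical and constructed for illustration.

```python
# Constructed in-memory stand-in for an LDAP server; not a real LDAP client API.
class InvalidCredentials(Exception):
    pass


class FakeDirectory:
    def __init__(self, users, allow_anonymous=True):
        self._users = users                    # DN -> password (constructed data)
        self._allow_anonymous = allow_anonymous

    def simple_bind(self, dn, password):
        """Return the identity the connection ends up bound as."""
        if password == "":
            # RFC 4513 section 5.1.2: a DN with an empty password is an
            # "unauthenticated bind". The DN is never verified and the
            # connection is bound as anonymous if the server allows it.
            if self._allow_anonymous:
                return "anonymous"
            raise InvalidCredentials("unauthenticated bind refused")
        if self._users.get(dn) != password:
            raise InvalidCredentials(dn)
        return dn


def authenticate_vulnerable(directory, dn, password):
    # Flawed logic: "the bind did not fail" is taken as proof of identity.
    try:
        directory.simple_bind(dn, password)
    except InvalidCredentials:
        return False
    return True


def authenticate_hardened(directory, dn, password):
    # Refuse empty credentials before the directory is contacted, and
    # require that the bind was performed as the requested DN.
    if not dn or not password:
        return False
    try:
        return directory.simple_bind(dn, password) == dn
    except InvalidCredentials:
        return False


ALICE = "cn=alice,ou=Users,dc=example,dc=org"   # constructed sample user
USERS = {ALICE: "correct horse"}
```

Disabling anonymous and unauthenticated binds on the directory closes the same gap from the server side, which is why the `allow_anonymous=False` case fails even through the flawed check.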

Timeline

  • Vulnerability published

  • Vulnerability Reserved