Denial of Service in OpenStack Identity V3 API by Large Request Load
CVE-2014-2828

Currently unrated

Key Information:

Vendor
Openstack
Status
Keystone
Vendor
CVE Published:
15 April 2014

Summary

The V3 API in OpenStack Identity (Keystone) versions prior to 2013.2.4 and Icehouse releases before icehouse-rc2 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by issuing a large volume of requests using the same authentication method, overwhelming the system and leading to excessive CPU consumption. This behavior, known as 'authentication chaining,' can disrupt service availability, thereby impacting users and organizations relying on OpenStack for their infrastructure.

References

http://rhn.redhat.com/errata/RHSA-2014-1688.html
vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2014/04/10/20
mailing-listx_refsource_MLIST
https://bugs.launchpad.net/keystone/+bug/1300274
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.