Denial of Service in OpenStack Identity V3 API by Large Request Load
CVE-2014-2828

Currently unrated

Key Information:

Vendor

Openstack
Status
Keystone
Vendor
CVE Published:
15 April 2014

What is CVE-2014-2828?

The V3 API in OpenStack Identity (Keystone) versions prior to 2013.2.4 and Icehouse releases before icehouse-rc2 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by issuing a large volume of requests using the same authentication method, overwhelming the system and leading to excessive CPU consumption. This behavior, known as 'authentication chaining,' can disrupt service availability, thereby impacting users and organizations relying on OpenStack for their infrastructure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2014-1688.html
vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2014/04/10/20
mailing-listx_refsource_MLIST
https://bugs.launchpad.net/keystone/+bug/1300274
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.