Denial of Service in OpenStack Identity V3 API by Large Request Load
CVE-2014-2828
Currently unrated
Summary
The V3 API in OpenStack Identity (Keystone) versions prior to 2013.2.4 and Icehouse releases before icehouse-rc2 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by issuing a large volume of requests using the same authentication method, overwhelming the system and leading to excessive CPU consumption. This behavior, known as 'authentication chaining,' can disrupt service availability, thereby impacting users and organizations relying on OpenStack for their infrastructure.
References
Timeline
Vulnerability published
Vulnerability Reserved