Authentication Bypass in OpenStack Keystone Affects MySQL Token Driver
CVE-2014-5251

Currently unrated

Key Information:

Vendor: Openstack
Status: Keystone; Ubuntu Linux
Vendor: CVE Published:; 25 August 2014

Summary

The MySQL token driver in OpenStack Identity (Keystone) versions 2014.1.x prior to 2014.1.2.1 and Juno prior to Juno-3 exhibits a flaw in how it stores timestamps. This issue leads to incorrect precision during expiration comparisons for tokens. As a result, remote authenticated users may exploit this vulnerability to maintain access using tokens that should have expired, creating potential security risks and unauthorized access. Regular updates are crucial to mitigate this vulnerability.

References

http://rhn.redhat.com/errata/RHSA-2014-1121.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2014-1122.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/keystone/+bug/1347961

x_refsource_MISC

Timeline

Vulnerability published
Aug 25, 2014
Vulnerability Reserved
Aug 15, 2014