Authentication Bypass in OpenStack Keystone Affects MySQL Token Driver
CVE-2014-5251
Currently unrated
Summary
The MySQL token driver in OpenStack Identity (Keystone) versions 2014.1.x prior to 2014.1.2.1 and Juno prior to Juno-3 has a flaw in how it stores timestamps, so token expiration comparisons are made with incorrect precision. As a result, remote authenticated users can retain access with tokens that should have expired, which amounts to unauthorized access. Updating to a release that is not in the affected ranges mitigates this vulnerability.
References
Timeline
Vulnerability published
Vulnerability Reserved