Authentication Bypass in OpenStack Keystone Affects MySQL Token Driver
CVE-2014-5251

Currently unrated

Key Information:

Vendor: OpenStack

CVE Published: 25 August 2014

Summary

The MySQL token driver in OpenStack Identity (Keystone) versions 2014.1.x prior to 2014.1.2.1 and Juno prior to Juno-3 stores timestamps with incorrect precision, which causes expiration comparisons for tokens to fail. As a result, remote authenticated users can retain access using tokens that should have expired, which amounts to unauthorized access past the intended token lifetime. Deployments running an affected version should update to 2014.1.2.1, Juno-3, or later.
