Password Complexity Bypass in OpenStack Keystone
CVE-2021-3563
7.4HIGH
Summary
A security flaw exists in OpenStack Keystone where only the initial 72 characters of an application secret are checked. This can lead to attackers bypassing expected password complexity measures that administrators may rely on to protect sensitive data. The primary risk posed by this issue is to the confidentiality and integrity of the data, making it imperative for organizations using OpenStack to audit their configurations and apply necessary security patches.
Affected Version(s)
keystone Not-known
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved