Password Complexity Bypass in OpenStack Keystone
CVE-2021-3563

7.4HIGH

Key Information:

Vendor
Openstack
Status
Keystone
Vendor
CVE Published:
26 August 2022

Summary

A security flaw exists in OpenStack Keystone where only the initial 72 characters of an application secret are checked. This can lead to attackers bypassing expected password complexity measures that administrators may rely on to protect sensitive data. The primary risk posed by this issue is to the confidentiality and integrity of the data, making it imperative for organizations using OpenStack to audit their configurations and apply necessary security patches.

Affected Version(s)

keystone Not-known

References

https://bugs.launchpad.net/ossa/+bug/1901891
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1962908
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3563
x_refsource_MISC

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.