CVE-2012-3426

by Fred · 31/07/2012

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

Date published : 2012-07-31

http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

CVE-2012-3426

Related

Recent Posts

Categories

Latest CWE

CVE-2012-3426

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE