CVE Vulnerabilities

CVE-2012-4457

Improper Authentication

Published: Oct 09, 2012 | Modified: Nov 16, 2018
CVSS 3.x: N/A
CVSS 2.x: 4 MEDIUM (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Source: NVD

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name      Vendor     Start Version  End Version
Keystone  Openstack  2012.2         2012.2
Keystone  Openstack  2012.1         *
Keystone  Openstack  2012.2         2012.2
