An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Keystone | Openstack | * | 15.0.1 (excluding) |
Keystone | Openstack | 16.0.0 (including) | 16.0.0 (including) |
Keystone | Ubuntu | bionic | * |
Keystone | Ubuntu | eoan | * |
Keystone | Ubuntu | esm-infra/xenial | * |
Keystone | Ubuntu | trusty | * |
Keystone | Ubuntu | upstream | * |
Keystone | Ubuntu | xenial | * |
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-keystone-1:13.0.4-3.el7ost | * |
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | openstack-keystone-1:13.0.4-3.el7ost | * |
Red Hat OpenStack Platform 15.0 (Stein) | RedHat | openstack-keystone-1:15.0.1-0.20200512110437.95b2bbe.el8ost | * |
Red Hat OpenStack Platform 16.0 (Train) | RedHat | openstack-keystone-1:16.0.1-0.20200511063421.40cbb7b.el8ost | * |
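
The signature TTL check whose absence is described above, sketched as an added example (this is not Keystone's own code or its patch). The function names, the `headers`/`params` dictionaries and the 15-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

SIGV4_DATE_FORMAT = "%Y%m%dT%H%M%SZ"   # ISO 8601 basic format carried in X-Amz-Date
DEFAULT_TTL = timedelta(minutes=15)    # assumed window, not a value from this advisory


class StaleSignature(Exception):
    """Raised when a signed request falls outside the accepted time window."""


def signature_timestamp(headers, params):
    """Return the signing time of a SigV4 request as a timezone-aware datetime."""
    # Header names are case-insensitive; presigned requests carry the date as a query parameter.
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-amz-date") or params.get("X-Amz-Date")
    if not raw:
        raise StaleSignature("request carries no X-Amz-Date to check")
    try:
        parsed = datetime.strptime(raw, SIGV4_DATE_FORMAT)
    except ValueError:
        raise StaleSignature("X-Amz-Date is not in YYYYMMDDTHHMMSSZ form") from None
    return parsed.replace(tzinfo=timezone.utc)


def check_signature_ttl(headers, params, now=None, ttl=DEFAULT_TTL):
    """Return the signature age, or raise StaleSignature if it is outside +/- ttl."""
    # The timestamp checked here must be the same value used to verify the signature.
    now = now or datetime.now(timezone.utc)
    signed_at = signature_timestamp(headers, params)
    age = now - signed_at
    if age > ttl:
        raise StaleSignature(f"signature is {age} old, limit is {ttl}")
    if age < -ttl:
        raise StaleSignature("signature is dated too far in the future")
    return age


if __name__ == "__main__":
    # Constructed sample: one signed request seen twice, the second time an hour later.
    captured = {"X-Amz-Date": "20200506T120000Z"}
    first_seen = datetime(2020, 5, 6, 12, 1, tzinfo=timezone.utc)
    print("accepted, age:", check_signature_ttl(captured, {}, now=first_seen))
    try:
        check_signature_ttl(captured, {}, now=first_seen + timedelta(hours=1))
    except StaleSignature as exc:
        print("replay rejected:", exc)
```

A TTL narrows the replay window to the configured interval rather than closing it; a captured request remains usable inside that window unless the transport is protected or signatures are tracked for single use.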