CVE-2012-3426
Published: Jul 31, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://bugs.launchpad.net/keystone/+bug/998185 (x_refsource_CONFIRM)
- https://bugs.launchpad.net/keystone/+bug/997194 (x_refsource_CONFIRM)
- 50494 (third-party-advisory, x_refsource_SECUNIA)
- https://bugs.launchpad.net/keystone/+bug/996595 (x_refsource_CONFIRM)
- [oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426) (mailing-list, x_refsource_MLIST)
- USN-1552-1 (vendor-advisory, x_refsource_UBUNTU)
- 50045 (third-party-advisory, x_refsource_SECUNIA)