QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4294

Published: Sep 23, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20130911 [OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294)

mailing-list

x_refsource_MLIST

https://bugs.launchpad.net/keystone/+bug/1202952

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.