ID CVE-2012-5563
Summary OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2012:1557
rpms
  • openstack-keystone-0:2012.2.1-1.el6ost
  • openstack-keystone-doc-0:2012.2.1-1.el6ost
  • python-keystone-0:2012.2.1-1.el6ost
refmap via4
bid 56727
confirm
mlist
  • [oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)
  • [oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)
secunia
  • 51423
  • 51436
ubuntu USN-1641-1
xf folsom-tokens-security-bypass(80370)
Last major update 29-08-2017 - 01:32
Published 18-12-2012 - 01:55
Last modified 29-08-2017 - 01:32
Back to Top