CVE-2012-3426

NONECVSS 0.0

0.0

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

🔗 References (28)

secalert@redhathttp://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
secalert@redhathttp://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
secalert@redhathttp://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
secalert@redhathttp://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
secalert@redhathttp://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
secalert@redhathttp://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
secalert@redhathttp://secunia.com/advisories/50045
secalert@redhathttp://secunia.com/advisories/50494
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/07/27/4
secalert@redhathttp://www.ubuntu.com/usn/USN-1552-1
secalert@redhathttps://bugs.launchpad.net/keystone/+bug/996595
secalert@redhathttps://bugs.launchpad.net/keystone/+bug/997194
secalert@redhathttps://bugs.launchpad.net/keystone/+bug/998185
secalert@redhathttps://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

Is Your Infrastructure Affected by CVE-2012-3426?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3426

📅 Published

🔄 Last Modified

🔗 References (28)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3426?