Dolph Mathews

6 exploits Active since Sep 2012
CVE-2012-4456 WRITEUP WRITEUP
OpenStack Keystone < 2012.1.2 - Improper Authentication via X-Auth-Token Validation
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
CVE-2012-4456 WRITEUP WRITEUP
OpenStack Keystone < 2012.1.2 - Improper Authentication via X-Auth-Token Validation
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
CVE-2012-3542 WRITEUP WRITEUP
OpenStack Keystone < 2012.1 - Unauthenticated User Addition to Arbitrary Tenant via Default Tenant Update
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
CVE-2012-4456 WRITEUP WRITEUP
OpenStack Keystone < 2012.1.2 - Improper Authentication via X-Auth-Token Validation
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
CVE-2012-4457 WRITEUP WRITEUP
OpenStack Keystone Essex < 2012.1.2 and Folsom < folsom-3 - Authenticated Improper Authentication
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
CVE-2012-5563 WRITEUP WRITEUP
OpenStack Keystone < 8.0.0 - Authenticated Authorization Bypass via Token Chaining
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.