CVE-2012-3426

OpenStack Keystone < 2012.1.1 - Authenticated Token Expiration Bypass via Token Chaining

Title source: llm

Description

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

References (14)

Core References
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/keystone/+bug/998185
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/keystone/+bug/997194
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50494
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/keystone/+bug/996595
Patch (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/07/27/4
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1552-1
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/50045

Scores

EPSS 0.0056
EPSS Percentile 68.5%

Details

CWE
CWE-264
Status published
Products (5)
openstack/essex
openstack/horizon folsom-1
openstack/keystone 2012.1
openstack/keystone 2012.1.1
pypi/Keystone 0 - 8.0.0a0
Published Jul 31, 2012
Tracked Since Feb 18, 2026