CVE-2012-5563

OpenStack Keystone - Auth Bypass

Description

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Scores

EPSS 0.0039
EPSS Percentile 59.8%

Classification

CWE
CWE-255
Status draft

Affected Products (2)

openstack/folsom
pypi/keystone < 8.0.0

Timeline

Published Dec 18, 2012
Tracked Since Feb 18, 2026