CVE-2013-2157

OpenStack Keystone >=2012.2 <2012.2.4 - Unauthenticated Authentication Bypass via Empty LDAP Password

Title source: llm
STIX 2.1

Description

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

References (4)

Core 4
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/06/13/3
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1083.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/60545
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0994.html

Scores

EPSS 0.0021
EPSS Percentile 43.5%

Details

CWE
CWE-287
Status published
Products (1)
openstack/keystone 2012.2 - 2012.2.4
Published Aug 20, 2013
Tracked Since Feb 18, 2026