CVE-2014-2828

Openstack Keystone < 8.0.0a0 - Authentication Bypass

Title source: rule

Description

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-1688.html

[Issue Tracking] https://bugs.launchpad.net/keystone/+bug/1300274

[Mailing List] http://www.openwall.com/lists/oss-security/2014/04/10/20

Scores

EPSS 0.0086

EPSS Percentile 74.8%

Classification

CWE

CWE-287

Status draft

Affected Products (9)

openstack/keystone

pypi/keystone < 8.0.0a0PyPI

Timeline

Published Apr 15, 2014

Tracked Since Feb 18, 2026