CVE-2021-3563

HIGH

OpenStack Keystone - Incorrect Authorization via Truncated Application Secret Verification

Title source: llm

Description

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some of the password complexity that administrators may be relying on. The highest threat from this vulnerability is to data confidentiality and integrity.

References (5)

https://bugs.launchpad.net/ossa/+bug/1901891 (Exploit, Issue Tracking, Third Party Advisory, VDB Entry; x_refsource_misc)
https://bugzilla.redhat.com/show_bug.cgi?id=1962908 (Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory; x_refsource_misc)
https://access.redhat.com/security/cve/CVE-2021-3563 (Issue Tracking, Third Party Advisory; x_refsource_misc)
https://security-tracker.debian.org/tracker/CVE-2021-3563 (Exploit, Issue Tracking, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3 7.4
EPSS 0.0004
EPSS Percentile 12.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-863
Status published
Products (8)
debian/debian_linux 10.0
debian/debian_linux 11.0
openstack/keystone
pypi/keystone (PyPI)
redhat/openstack_platform 10.0
redhat/openstack_platform 13.0
redhat/openstack_platform 16.1
redhat/openstack_platform 16.2
Published Aug 26, 2022
Tracked Since Feb 18, 2026