OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-31T10:00:00

Updated: 2024-08-06T20:05:12.524Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3426

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-07-31T10:45:42.670

Modified: 2024-11-21T01:40:51.183

Link: CVE-2012-3426

cve-icon Redhat

No data.