OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://bugs.launchpad.net/keystone/+bug/1795800 |
History
Thu, 14 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-17T06:00:00
Updated: 2024-11-14T20:09:49.052Z
Reserved: 2018-12-17T00:00:00
Link: CVE-2018-20170
Vulnrichment
Updated: 2024-08-05T11:51:19.331Z
NVD
Status : Modified
Published: 2018-12-17T07:29:00.747
Modified: 2024-11-21T04:01:00.210
Link: CVE-2018-20170
Redhat
No data.