← Zuruck zu CVEs
CVE-2012-3426
N/ABeschreibung
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht7/31/2012
Zuletzt geandert4/29/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
openstack:essexopenstack:horizonopenstack:keystone
Schwachen (CWE)
CWE-264
Referenzen
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa(secalert@redhat.com)
http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355(secalert@redhat.com)
http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626(secalert@redhat.com)
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d(secalert@redhat.com)
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454(secalert@redhat.com)
http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de(secalert@redhat.com)
http://secunia.com/advisories/50045(secalert@redhat.com)
http://secunia.com/advisories/50494(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2012/07/27/4(secalert@redhat.com)
http://www.ubuntu.com/usn/USN-1552-1(secalert@redhat.com)
https://bugs.launchpad.net/keystone/+bug/996595(secalert@redhat.com)
https://bugs.launchpad.net/keystone/+bug/997194(secalert@redhat.com)
https://bugs.launchpad.net/keystone/+bug/998185(secalert@redhat.com)
https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz(secalert@redhat.com)
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa(af854a3a-2127-422b-91ae-364da2661108)
http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355(af854a3a-2127-422b-91ae-364da2661108)
http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626(af854a3a-2127-422b-91ae-364da2661108)
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d(af854a3a-2127-422b-91ae-364da2661108)
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454(af854a3a-2127-422b-91ae-364da2661108)
http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50045(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50494(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/07/27/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1552-1(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/keystone/+bug/996595(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/keystone/+bug/997194(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/keystone/+bug/998185(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.