Showing 1 - 3 of 3

CVE-2013-2157

Status Candidate

Overview

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

Related Files

Red Hat Security Advisory 2013-1083-01: Posted Jul 17, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-1083-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2013-2157; SHA-256 | f7335f06806387494c444983aa45f063b423edb34d8f85e771e34b0897104964; Download | Favorite | View

Red Hat Security Advisory 2013-0994-01: Posted Jun 27, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0994-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2013-2157; SHA-256 | 32c7604db4e8db147fcbddd83a091aa60f03d25791155e16d28b79f42a471506; Download | Favorite | View

Ubuntu Security Notice USN-1875-1: Posted Jun 14, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1875-1 - Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu 12.10 which does not use PKI tokens by default. Jose Castro Leon discovered that Keystone did not properly authenticate users when using the LDAP backend. An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default, Ubuntu does not use the LDAP backend. Various other issues were also addressed.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2013-2104, CVE-2013-2157, CVE-2013-2104, CVE-2013-2157; SHA-256 | 1cb5daa1d046cc30e236c0c00c00ef32e4a05f8cd353fce3c781247855fb7f22; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 295 files
Ubuntu 58 files
Debian 33 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,598)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,755)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,493)
UNIX (9,400)
UnixWare (187)
Windows (6,659)
Other

CVE-2013-2157

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems