Showing 1 - 3 of 3

CVE-2013-2157

Status Candidate

Overview

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

Related Files

Red Hat Security Advisory 2013-1083-01: Posted Jul 17, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-1083-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2013-2157; SHA-256 | f7335f06806387494c444983aa45f063b423edb34d8f85e771e34b0897104964; Download | Favorite | View

Red Hat Security Advisory 2013-0994-01: Posted Jun 27, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0994-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2013-2157; SHA-256 | 32c7604db4e8db147fcbddd83a091aa60f03d25791155e16d28b79f42a471506; Download | Favorite | View

Ubuntu Security Notice USN-1875-1: Posted Jun 14, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1875-1 - Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu 12.10 which does not use PKI tokens by default. Jose Castro Leon discovered that Keystone did not properly authenticate users when using the LDAP backend. An attacker could obtain valid tokens and impersonate other users by supplying an empty password. By default, Ubuntu does not use the LDAP backend. Various other issues were also addressed.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2013-2104, CVE-2013-2157, CVE-2013-2104, CVE-2013-2157; SHA-256 | 1cb5daa1d046cc30e236c0c00c00ef32e4a05f8cd353fce3c781247855fb7f22; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 60 files
LiquidWorm 20 files
Debian 19 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,159)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,840)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,974)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2013-2157

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems