CVE-2012-5563 Information

Feb 14, 2021 cve

Description

OpenStack Keystone as used in OpenStack Folsom 2012.2 does not properly implement token expiration which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Reference

http://rhn.redhat.com/errata/RHSA-2012-1557.html http://secunia.com/advisories/51423 http://secunia.com/advisories/51436 http://www.openwall.com/lists/oss-security/2012/11/28/5 http://www.openwall.com/lists/oss-security/2012/11/28/6 http://www.securityfocus.com/bid/56727 http://www.ubuntu.com/usn/USN-1641-1 https://bugs.launchpad.net/keystone/+bug/1079216 https://exchange.xforce.ibmcloud.com/vulnerabilities/80370 https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5 https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

Share on: