CVE-2013-0282 Information

Description

OpenStack Keystone Grizzly before 2013.1 Folsom 2012.1.3 and earlier and Essex does not properly check if the (1) user (2) tenant or (3) domain is enabled when using EC2-style authentication which allows context-dependent attackers to bypass access restrictions.

Reference

http://www.openwall.com/lists/oss-security/2013/02/19/3 https://bugs.launchpad.net/keystone/+bug/1121494 https://launchpad.net/keystone/+milestone/2012.2.4 https://launchpad.net/keystone/grizzly/2013.1 https://review.openstack.org//c/22319/ https://review.openstack.org//c/22320/ https://review.openstack.org//c/22321/