CVE-2013-2104 Information

Description

python-keystoneclient before 0.2.4 as used in OpenStack Keystone (Folsom) does not properly check expiry for PKI tokens which allows remote authenticated users to (1) retain use of a token after it has expired or (2) use a revoked token once it expires.

Reference

http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html http://rhn.redhat.com/errata/RHSA-2013-0944.html http://www.openwall.com/lists/oss-security/2013/05/28/7 http://www.ubuntu.com/usn/USN-1851-1 http://www.ubuntu.com/usn/USN-1875-1 https://bugs.launchpad.net/python-keystoneclient/+bug/1179615