Information Security


Restriction bypass in OpenStack Keystone
Published: September 3, 2012
Source:
SecurityVulns ID: 12572
Type: remote
Severity: 5/10
Description: Bypass of administrator and token lifetime restrictions.
Affected products: OPENSTACK : KeyStone 2012.1
CVE: CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.)
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.)
Original text: UBUNTU, [USN-1552-1] OpenStack Keystone vulnerabilities (03.09.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod