Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.0
CVE Id: CVE-2012-5563
Last Modified: 22 Aug 2013 02:46:42
Published: 17 Dec 2012 08:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-5563

Summary

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Vulnerable Systems

Application

  • OpenStack Folsom 2012.2


References

CONFIRM - https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

CONFIRM - https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5

CONFIRM - https://bugs.launchpad.net/keystone/+bug/1079216

UBUNTU - USN-1641-1

MLIST - [oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)

MLIST - [oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)

SECUNIA - 51436

SECUNIA - 51423

REDHAT - RHSA-2012:1557

BID - 56727

XF - folsom-tokens-security-bypass(80370)


Last Updated: 27 May 2016 10:49:52