CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2157 – openstack-keystone: Authentication bypass when using LDAP backend
https://notcve.org/view.php?id=CVE-2013-2157
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. OpenStack Swift Folsom, Grizzly anterior a 2013.1.3 y Havana, cuando utilizan LDAP con binding anónimo, permite a atacantes remotos evitar la autenticación con una contraseña en blanco. • http://rhn.redhat.com/errata/RHSA-2013-0994.html http://rhn.redhat.com/errata/RHSA-2013-1083.html http://www.openwall.com/lists/oss-security/2013/06/13/3 http://www.securityfocus.com/bid/60545 https://access.redhat.com/security/cve/CVE-2013-2157 https://bugzilla.redhat.com/show_bug.cgi?id=971884 • CWE-287: Improper Authentication •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2006 – keystone: DEBUG level LDAP password disclosure in log files
https://notcve.org/view.php?id=CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. OpenStack Identity (Keystone) Grizzly 2013.1.1 cuando el modo DEBUG para el login está activado, registra (1) admin_token and (2) LDAP password en texto plano, lo que permite a usuarios locales obtener información sensible leyendo el archivo de log. • https://github.com/LogSec/CVE-2013-2006 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html http://rhn.redhat.com/errata/RHSA-2013-0806.html http://www.openwall.com/lists/oss-security/2013/04/24/1 http://www.openwall.com/lists/oss-security/2013/04/24/2 http://www.securityfocus.com/bid/59411 https://bugs.launchpad.net/keystone/+bug/1172195 https://bugs.launchpad.net • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2013-0247 – Keystone: denial of service through invalid token requests
https://notcve.org/view.php?id=CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. OpenStack Keystone Essex v2012.1.3 y anteriores, y Grizzly grizzly-2 y anteriores permiten a atacantes remotos generar una denegación de servicio (consumo de disco) mediante una solicitud de token inválida que genera una excesiva cantidad de entradas de registro. • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html http://rhn.redhat.com/errata/RHSA-2013-0253.html http://www.securityfocus.com/bid/57747 http://www.ubuntu.com/usn/USN-1715-1 https://bugs.launchpad.net/keystone/+bug/1098307 https://bugzilla.redhat.com/show_bug.cgi?id=906171 https://access.redhat.com/security/cve/CVE-2013-0247 • CWE-399: Resource Management Errors •