CVE-2012-3426
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiración de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a través de la cadena de token, (2) aprovechando la posesión de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesión de un token de una cuenta con una contraseña cambiada
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-06-14 CVE Reserved
- 2012-07-31 CVE Published
- 2023-06-21 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa | X_refsource_confirm | |
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d | X_refsource_confirm | |
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454 | X_refsource_confirm | |
http://secunia.com/advisories/50045 | Third Party Advisory | |
http://secunia.com/advisories/50494 | Third Party Advisory | |
https://bugs.launchpad.net/keystone/+bug/996595 | X_refsource_confirm | |
https://bugs.launchpad.net/keystone/+bug/997194 | X_refsource_confirm | |
https://bugs.launchpad.net/keystone/+bug/998185 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://www.ubuntu.com/usn/USN-1552-1 | 2012-09-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openstack Search vendor "Openstack" | Essex Search vendor "Openstack" for product "Essex" | * | - |
Affected
| ||||||
Openstack Search vendor "Openstack" | Horizon Search vendor "Openstack" for product "Horizon" | folsom-1 Search vendor "Openstack" for product "Horizon" and version "folsom-1" | - |
Affected
| ||||||
Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | 2012.1 Search vendor "Openstack" for product "Keystone" and version "2012.1" | - |
Affected
| ||||||
Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | 2012.1.1 Search vendor "Openstack" for product "Keystone" and version "2012.1.1" | - |
Affected
|