CVE-2014-5252
openstack-keystone: token expiration date stored incorrectly
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
La API V3 en OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 actualiza el valor issued_at para los tokens UUID v2, loque permite a usuarios remotos autenticados evadir la caducidad de tokens y conservar el acceso a través de una solicitud (1) GET o (2) HEAD de verificación en v3/auth/tokens/.
A flaw was found in keystone revocation events that resulted in the "issued_at" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID tokens were affected.
The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-08-15 CVE Reserved
- 2014-08-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
- CWE-613: Insufficient Session Expiration
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/08/15/6 | Mailing List |
|
| https://bugs.launchpad.net/keystone/+bug/1348820 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1121.html | 2014-10-10 | |
| http://rhn.redhat.com/errata/RHSA-2014-1122.html | 2014-10-10 | |
| http://www.ubuntu.com/usn/USN-2324-1 | 2014-10-10 | |
| https://access.redhat.com/security/cve/CVE-2014-5252 | 2014-09-02 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1127250 | 2014-09-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | 2014.1 Search vendor "Openstack" for product "Keystone" and version "2014.1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | 2014.1.2 Search vendor "Openstack" for product "Keystone" and version "2014.1.2" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | juno-1 Search vendor "Openstack" for product "Keystone" and version "juno-1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | juno-2 Search vendor "Openstack" for product "Keystone" and version "juno-2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||