CVE-2017-16613

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

Se descubrió un problema en middleware.py en OpenStack Swauth hasta la versión 1.2.0 cuando se utiliza con OpenStack Swift hasta la versión 2.15.1. El servidor proxy y el almacén de objetos de Swift guardan los tokens (sin los hashes correspondientes) que se recuperan del mecanismo de autenticación de middleware de Swauth en un archivo de log como parte de una URI GET. Esto permite que los atacantes omitan la autenticación insertando un token en una cabecera X-Auth-Token de una nueva petición. NOTA: las URL de github.com/openstack/swauth no quieren decir que hay un equipo oficial del proyecto OpenStack que mantenga Swauth.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-06 CVE Reserved
2017-11-21 CVE Published
2023-06-17 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/101926	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314	2017-12-12
https://bugs.launchpad.net/swift/+bug/1655781	2017-12-12
https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298	2017-12-12

URL	Date	SRC
https://www.debian.org/security/2017/dsa-4044	2017-12-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Swauth Search vendor "Openstack" for product "Swauth"				<= 1.2.0 Search vendor "Openstack" for product "Swauth" and version " <= 1.2.0"		-		Affected
Openstack Search vendor "Openstack"		Swift Search vendor "Openstack" for product "Swift"				<= 2.15.1 Search vendor "Openstack" for product "Swift" and version " <= 2.15.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected