CVE-2021-3563

Severity Score

7.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Se ha encontrado un fallo en openstack-keystone. Sólo son verificados los primeros 72 caracteres del secreto de una aplicación, lo que permite a atacantes omitir determinada complejidad de las contraseñas con la que pueden contar los administradores. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos.

*Credits: N/A

CVSS Scores

NISTv3.1 7.4

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-05-21 CVE Reserved
2022-08-26 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-08-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-863: Incorrect Authorization

CAPEC

References (5)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2021-3563	Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

URL	Date	SRC
https://bugs.launchpad.net/ossa/+bug/1901891	2024-08-03
https://bugzilla.redhat.com/show_bug.cgi?id=1962908	2024-08-03
https://security-tracker.debian.org/tracker/CVE-2021-3563	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Keystone Search vendor "Openstack" for product "Keystone"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected
Redhat Search vendor "Redhat"		Openstack Platform Search vendor "Redhat" for product "Openstack Platform"				10.0 Search vendor "Redhat" for product "Openstack Platform" and version "10.0"		-		Affected
Redhat Search vendor "Redhat"		Openstack Platform Search vendor "Redhat" for product "Openstack Platform"				13.0 Search vendor "Redhat" for product "Openstack Platform" and version "13.0"		-		Affected
Redhat Search vendor "Redhat"		Openstack Platform Search vendor "Redhat" for product "Openstack Platform"				16.1 Search vendor "Redhat" for product "Openstack Platform" and version "16.1"		-		Affected
Redhat Search vendor "Redhat"		Openstack Platform Search vendor "Redhat" for product "Openstack Platform"				16.2 Search vendor "Redhat" for product "Openstack Platform" and version "16.2"		-		Affected