Vulnerability DatabaseCVE-2012-3426
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2012-3426
July 31, 2012
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Related ResourcesĀ (20)
https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
http://www.openwall.com/lists/oss-security/2012/07/27/4
http://secunia.com/advisories/50494
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
https://bugs.launchpad.net/keystone/+bug/997194
https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
https://nvd.nist.gov/vuln/detail/CVE-2012-3426
https://github.com/openstack/keystone
https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
http://www.ubuntu.com/usn/USN-1552-1
http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
https://bugs.launchpad.net/keystone/+bug/998185
https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
http://secunia.com/advisories/50045
https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
https://bugs.launchpad.net/keystone/+bug/996595
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
4.9
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
EPSS
Base Score:
0.56