What is the severity of REDHAT-BUG-1004452?

The severity of REDHAT-BUG-1004452 is critical due to token revocation failure, posing significant security risks.

How do I fix REDHAT-BUG-1004452?

To fix REDHAT-BUG-1004452, upgrade your OpenStack Keystone installation to a version beyond Grizzly.

Which versions of Keystone are affected by REDHAT-BUG-1004452?

REDHAT-BUG-1004452 affects OpenStack Keystone versions from Folsom to Grizzly.

What products are impacted by REDHAT-BUG-1004452?

The impacted product by REDHAT-BUG-1004452 is OpenStack Keystone when using memcache or KVS backends.

Who reported the vulnerability REDHAT-BUG-1004452?

The vulnerability REDHAT-BUG-1004452 was reported by Kieran Spear from the University of Melbourne.

Vulnerability/
REDHAT-BUG-1004452

medium

4/9/2013

18/10/2023

REDHAT-BUG-1004452

First published: Wed Sep 04 2013(Updated: )

Thierry Carrez reports: Title: Token revocation failure using Keystone memcache/KVS backends Reporter: Kieran Spear (University of Melbourne) Products: Keystone Affects: Folsom, Grizzly Description: Kieran Spear from the University of Melbourne reported a vulnerability in Keystone memcache and KVS token backends. The PKI token revocation lists stored the entire token instead of the token ID, triggering comparison failures, ultimately resulting in revoked PKI tokens still being considered valid. Only Folsom and Grizzly Keystone setups making use of PKI tokens with the memcache or KVS token backends are affected. Havana setups, setups using UUID tokens, or setups using PKI tokens with the SQL token backend are all unaffected.

Affected Software	Affected Version	How to fix
Keystone	>=Folsom<=Grizzly

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-1004452?
The severity of REDHAT-BUG-1004452 is critical due to token revocation failure, posing significant security risks.
How do I fix REDHAT-BUG-1004452?
To fix REDHAT-BUG-1004452, upgrade your OpenStack Keystone installation to a version beyond Grizzly.
Which versions of Keystone are affected by REDHAT-BUG-1004452?
REDHAT-BUG-1004452 affects OpenStack Keystone versions from Folsom to Grizzly.
What products are impacted by REDHAT-BUG-1004452?
The impacted product by REDHAT-BUG-1004452 is OpenStack Keystone when using memcache or KVS backends.
Who reported the vulnerability REDHAT-BUG-1004452?
The vulnerability REDHAT-BUG-1004452 was reported by Kieran Spear from the University of Melbourne.

collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-4294
agent/references
agent/last-modified-date
agent/severity
agent/type
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/openstack
canonical/keystone

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.