NVD Vulnerability Details: CVE-2012-3426
Modified
Source: secalert@redhat.com
Published At: 31 Jul, 2012 | 10:45
Updated At: 29 Apr, 2026 | 01:13

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 4.9
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
CPE Matches

OpenStack: openstack >> essex >> * (cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*)
OpenStack: openstack >> horizon >> folsom-1 (cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*)
OpenStack: openstack >> keystone >> 2012.1 (cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*)
OpenStack: openstack >> keystone >> 2012.1.1 (cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*)
Weaknesses
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
Source: secalert@redhat.com
Resource: Patch
Hyperlink: http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
Source: secalert@redhat.com
Resource: Exploit, Patch
Hyperlink: http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
Source: secalert@redhat.com
Resource: Exploit, Patch
Hyperlink: http://secunia.com/advisories/50045
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/50494
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/07/27/4
Source: secalert@redhat.com
Resource: Patch
Hyperlink: http://www.ubuntu.com/usn/USN-1552-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/996595
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/997194
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/998185
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
Source: secalert@redhat.com
Resource: Patch
Hyperlink: http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Exploit, Patch
Hyperlink: http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Exploit, Patch
Hyperlink: http://secunia.com/advisories/50045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/50494
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/07/27/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: http://www.ubuntu.com/usn/USN-1552-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/996595
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/997194
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/998185
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch