Home > Vulnerability Database > CVE-2012-3426

Mend.io Vulnerability Database

CVE-2012-3426

Good to know:

Date: July 31, 2012

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

Language: Python

Severity Score

4.2

Related Resources (20)

Url: http://www.ubuntu.com/usn/USN-1552-1

Url: http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

Url: http://secunia.com/advisories/50045

Url: https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

Url: http://secunia.com/advisories/50494

Url: https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz

Url: https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-3426

Url: http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

Url: https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

Url: https://bugs.launchpad.net/keystone/+bug/996595

Url: https://github.com/openstack/keystone

Url: https://bugs.launchpad.net/keystone/+bug/998185

Url: http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

Url: http://www.openwall.com/lists/oss-security/2012/07/27/4

Url: https://bugs.launchpad.net/keystone/+bug/997194

Url: http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454

Url: http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de

Url: http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

Url: https://www.mend.io/vulnerability-database/CVE-2012-3426

Severity Score

4.2

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version 2012.1.1

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.9
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-3426

Good to know:

Date: July 31, 2012

Language: Python

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?