Openstack · Openstack Identity · CVE-2014-2828
**Name of the Vulnerable Software and Affected Versions**
OpenStack Identity (Keystone) versions 2013.1 through 2013.2.3
OpenStack Identity (Keystone) versions icehouse through icehouse-rc1
**Description**
The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending a large number of the same authentication method in a request. This is related to "authentication chaining" in the V3 API.
**Recommendations**
For OpenStack Identity (Keystone) versions 2013.1 through 2013.2.3, update to version 2013.2.4 or later.
For OpenStack Identity (Keystone) versions icehouse through icehouse-rc1, update to icehouse-rc2 or later.