OpenStack · OpenStack Essex · CVE-2012-3426
**Name of the Vulnerable Software and Affected Versions**
OpenStack Keystone versions before 2012.1.1
OpenStack Folsom versions before Folsom-1
OpenStack Essex (affected versions not specified)
**Description**
The issue allows remote authenticated users to bypass intended authorization restrictions. This can be achieved by creating new tokens through token chaining, leveraging possession of a token for a disabled user account, or leveraging possession of a token for an account with a changed password.
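The three bypass routes in the description correspond to three checks on the token-validation path. The following is an added example, not Keystone's code: a minimal in-memory model with hypothetical names (`TokenService`, `password_version`, `issue_from_token`) in which a chained token inherits the presented token's expiry, and tokens are rejected once the account is disabled or its password changes.

```python
import time
import secrets
from dataclasses import dataclass

@dataclass
class User:
    name: str
    enabled: bool = True
    password_version: int = 0   # assumption: bumped on every password change

@dataclass
class Token:
    user: str
    expires_at: float
    password_version: int       # version of the password the token was issued under

class TokenService:
    """Hypothetical token service used only to illustrate the checks."""
    TTL = 3600                  # constructed sample lifetime, in seconds

    def __init__(self, now=time.time):
        self.users, self.tokens, self.now = {}, {}, now

    def _store(self, user, expires_at):
        tid = secrets.token_hex(16)
        self.tokens[tid] = Token(user.name, expires_at, user.password_version)
        return tid

    def issue_from_password(self, user):  # password check itself is not modelled
        return self._store(user, self.now() + self.TTL)

    def validate(self, tid):
        """Return the User if the token is still acceptable, else None."""
        tok = self.tokens.get(tid)
        if tok is None or self.now() >= tok.expires_at:
            return None
        user = self.users.get(tok.user)
        if user is None or not user.enabled:                # disabled account
            return None
        if tok.password_version != user.password_version:  # password changed since issue
            return None
        return user

    def issue_from_token(self, tid):
        """Token chaining: the new token never outlives the one presented."""
        user = self.validate(tid)
        if user is None:
            return None
        return self._store(user, self.tokens[tid].expires_at)
```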
**Recommendations**
For OpenStack Keystone versions before 2012.1.1, update to version 2012.1.1 or later to resolve the issue.
For OpenStack Folsom versions before Folsom-1, update to Folsom-1 or later to resolve the issue.
For OpenStack Essex, no information is currently available about a newer version that contains a fix for this vulnerability.