Openstack · Openstack Keystone · CVE-2013-2157
**Name of the Vulnerable Software and Affected Versions**
OpenStack Keystone versions Folsom through Havana, specifically Grizzly before 2013.1.3
**Description**
The issue allows remote attackers to bypass authentication via an empty password when using LDAP with Anonymous binding.
**Recommendations**
For OpenStack Keystone versions Folsom through Havana, specifically Grizzly before 2013.1.3, update to version 2013.1.3 or later to resolve the issue.