Mdrnstm

Researcher from Metacloud
#39125 of 53,630
7.1 Total CVSS
Vulnerabilities · 1
PT-2014-4575
7.1
2014-04-01
Openstack · Openstack Identity · CVE-2014-2237
**Name of the Vulnerable Software and Affected Versions**

OpenStack Identity (Keystone) versions 2013.1 through 2013.1.4

OpenStack Identity (Keystone) versions 2013.2 through 2013.2.2

OpenStack Identity (Keystone) icehouse before icehouse-3

**Description**

The issue concerns the memcache token backend in OpenStack Identity (Keystone). When a trust token with impersonation enabled is issued, it is not included in the trustee's token-index-list. This prevents the token from being invalidated by bulk token revocation, allowing the trustee to bypass intended access restrictions.

**Recommendations**

For OpenStack Identity (Keystone) versions 2013.1 through 2013.1.4, update to a version that includes the fix for this issue.

For OpenStack Identity (Keystone) versions 2013.2 through 2013.2.2, update to a version that includes the fix for this issue.

For OpenStack Identity (Keystone) icehouse before icehouse-3, update to icehouse-3 or a later version that includes the fix for this issue.