OpenStack · OpenStack Identity · CVE-2013-2059
**Name of the Vulnerable Software and Affected Versions**
OpenStack Identity (Keystone) versions Folsom 2012.2.4 and earlier
OpenStack Identity (Keystone) versions Grizzly before 2013.1.1
**Description**
The issue allows remote authenticated users to retain access via an authentication token even after a user is deleted through the Keystone v2 API.
**Recommendations**
For OpenStack Identity (Keystone) versions Folsom 2012.2.4 and earlier, update to a version later than 2012.2.4 to ensure authentication tokens are properly revoked when a user is deleted.
For OpenStack Identity (Keystone) versions Grizzly before 2013.1.1, update to version 2013.1.1 or later to resolve the issue.