Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions before 2012.1.1 OpenStack Folsom versions before Folsom-1 OpenStack Essex (affected versions not specified)

Description The issue is related to the improper implementation of token expiration. This allows remote authenticated users to bypass intended authorization restrictions in three ways: (1) by creating new tokens through token chaining, (2) by leveraging possession of a token for a disabled user account, or (3) by leveraging possession of a token for an account with a changed password.

Recommendations For OpenStack Keystone versions before 2012.1.1, update to version 2012.1.1 or later to resolve the issue. For OpenStack Folsom versions before Folsom-1, update to Folsom-1 or later to resolve the issue. For OpenStack Essex, at the moment, there is no information about a newer version that contains a fix for this vulnerability.