PT-2014-6368 · Openstack · Openstack Identity

Lance Bragstad


Published

2014-08-15


Updated

2022-05-17


CVE-2014-5252

CVSS v4.0

7.1

High

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

OpenStack Identity (Keystone) versions 2014.1.x through 2014.1.2.1
OpenStack Identity (Keystone) version Juno before Juno-3

Description

The issue allows remote authenticated users to bypass token expiration and retain access. This is achieved via a verification request to the "v3/auth/tokens/" endpoint: validating a UUID v2 token there updates its issued-at value, so the token does not expire as intended and continued access is possible.

Recommendations

For OpenStack Identity (Keystone) versions 2014.1.x through 2014.1.2.1, update to version 2014.1.2.1 or later to resolve the issue. For OpenStack Identity (Keystone) version Juno before Juno-3, apply the Juno-3 update to fix the problem. As a temporary workaround, consider restricting access to the "v3/auth/tokens/" endpoint to minimize the risk of exploitation.

Weakness Enumeration

Insufficient Session Expiration

Related identifiers

CVE-2014-5252
GHSA-V8FQ-GQ9J-3V7H
PYSEC-2014-108
RHSA-2014:1121
RHSA-2014:1122
USN-2324-1

Affected products

Openstack Identity
Ubuntu