CVE-2015-9240

Name of the Vulnerable Software and Affected Versions keystone versions prior to 0.3.16

Description The issue is related to a bug in the default sign in functionality, where incomplete email addresses could be matched, potentially allowing for partial authentication bypass. A correct password is still required to complete the sign in process. If an attacker provides a full and correct password along with only part of the associated email address, authentication may be granted.

Recommendations Update to version 0.3.16 or later.