Lbragstad

Researcher from Rackspace
#39111 of 53,630
7.1 Total CVSS
Vulnerabilities · 1
PT-2014-6368
7.1
2014-08-15
Openstack · Openstack Identity · CVE-2014-5252
**Name of the Vulnerable Software and Affected Versions**

OpenStack Identity (Keystone) versions 2014.1.x through 2014.1.2.1

OpenStack Identity (Keystone) version Juno before Juno-3

**Description**

The issue allows remote authenticated users to bypass token expiration and retain access. This is achieved via a verification request to the "v3/auth/tokens/" endpoint. The `issued at` value for UUID v2 tokens is updated, enabling continued access.

**Recommendations**

For OpenStack Identity (Keystone) versions 2014.1.x through 2014.1.2.1, update to version 2014.1.2.1 or later to resolve the issue.

For OpenStack Identity (Keystone) version Juno before Juno-3, apply the Juno-3 update to fix the problem.

As a temporary workaround, consider restricting access to the "v3/auth/tokens/" endpoint to minimize the risk of exploitation.