PT-2014-4910 · Openstack · Openstack Identity
Abu Shohel Ahmed · Published 2014-04-15 · Updated 2022-05-17 · CVE-2014-2828
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenStack Identity (Keystone) versions 2013.1 through 2013.2.3
OpenStack Identity (Keystone) versions icehouse through icehouse-rc1
Description
The issue allows remote attackers to cause a denial of service (CPU consumption) by sending a request that lists the same authentication method a large number of times. This is related to "authentication chaining" in the V3 API.
Recommendations
For OpenStack Identity (Keystone) versions 2013.1 through 2013.2.3, update to version 2013.2.4 or later.
For OpenStack Identity (Keystone) versions icehouse through icehouse-rc1, update to icehouse-rc2 or later.
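The following is an added example, not code from this advisory or from the Keystone project. It sketches a request pre-check that collapses repeated entries in the `auth.identity.methods` list of a V3 token request and rejects oversized lists before the body reaches authentication handling. The function name, the cap of 8 methods and the sample body are assumptions made for illustration.

```python
import json

MAX_METHODS = 8  # assumed cap; deployments normally enable only a few methods


class AuthRequestRejected(ValueError):
    """Raised when the methods list is malformed or unreasonably long."""


def sanitize_auth_methods(raw_body, max_methods=MAX_METHODS):
    """Return (body, dropped) with each authentication method listed once.

    Order of first appearance is kept, so chained methods still run in the
    order the client requested.
    """
    body = json.loads(raw_body)
    try:
        identity = body["auth"]["identity"]
        methods = identity["methods"]
    except (KeyError, TypeError):
        raise AuthRequestRejected("missing auth.identity.methods") from None
    if not isinstance(methods, list) or not all(isinstance(m, str) for m in methods):
        raise AuthRequestRejected("methods must be a list of strings")

    unique = list(dict.fromkeys(methods))  # order-preserving de-duplication
    if len(unique) > max_methods:
        raise AuthRequestRejected("too many distinct methods: %d" % len(unique))
    identity["methods"] = unique
    return body, len(methods) - len(unique)


# Constructed sample body: one method name repeated, as the description states.
SAMPLE = json.dumps({
    "auth": {"identity": {
        "methods": ["password"] * 5 + ["token", "password"],
        "password": {"user": {"id": "u-example", "password": "placeholder"}},
    }}
})

if __name__ == "__main__":
    cleaned, dropped = sanitize_auth_methods(SAMPLE)
    print(cleaned["auth"]["identity"]["methods"], "duplicates dropped:", dropped)
```

A non-zero `dropped` count is also worth logging with the client address, since a legitimate client has no reason to repeat a method.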
Fix
DoS
Improper Authentication
Affected Products
Openstack Identity