CVE-2013-2157
Published: 13 June 2013
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
Notes
Author | Note |
---|---|
seth-arnold | patches in Message-ID: <51B1A6BC.9050307@openstack.org> |
jdstrand | 12.04 LTS does not have 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723, which is required to be exposed to this bug (i.e., anonymous binds fail without it). If 0d32a417c811ce37b1b7ea1fbbc0a8376b9b3723 is applied, then the patch for Folsom will work with some light modifications. |
Priority
Status
Package | Release | Status |
---|---|---|
keystone (Launchpad, Ubuntu, Debian) | lucid | Does not exist |
keystone | precise | Not vulnerable |
keystone | quantal | Released (2012.2.4-0ubuntu3.1) |
keystone | raring | Released (1:2013.1.1-0ubuntu2.1) |
keystone | upstream | Released (1:2013.2~rc4) |

Patches:
upstream: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff;h=35eb7bbc0d28721122c25a64ab687af23ecf6000
upstream: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff;h=c100fd2f1fe024cb2f731bfdd283cee36259e6e3