CVE-2012-3426 - OpenCVE

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openstack	Essex Keystone Horizon

Configuration 1 [-]

OR	cpe:2.3:a:openstack:essex::::::::
	cpe:2.3:a:openstack:horizon:folsom-1:::::::*
	cpe:2.3:a:openstack:keystone:2012.1:::::::*
	cpe:2.3:a:openstack:keystone:2012.1.1:::::::*

References

Link	Resource
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355	Patch
http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626	Exploit Patch
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de	Exploit Patch
http://secunia.com/advisories/50045
http://secunia.com/advisories/50494
http://www.openwall.com/lists/oss-security/2012/07/27/4	Patch
http://www.ubuntu.com/usn/USN-1552-1
https://bugs.launchpad.net/keystone/+bug/996595
https://bugs.launchpad.net/keystone/+bug/997194
https://bugs.launchpad.net/keystone/+bug/998185
https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-31T10:00:00

Updated: 2012-09-07T09:00:00

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3426

JSON object: View

NVD Information

Status : Modified

Published: 2012-07-31T10:45:42.670

Modified: 2012-09-07T04:30:35.663

Link: CVE-2012-3426

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-27T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/keystone/+bug/998185"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/keystone/+bug/997194"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"}, {"name": "50494", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50494"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/keystone/+bug/996595"}, {"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"}, {"name": "USN-1552-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1552-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"}, {"name": "50045", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50045"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3426", "datePublished": "2012-07-31T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2012-09-07T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*", "matchCriteriaId": "F50B9DA6-B071-4B48-A486-54CB3E64AE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*", "matchCriteriaId": "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DACEFF0-BA6A-4184-A1AB-397438034AF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5BD2FC1-7C36-4532-813A-DED5F0BD1FFF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."}, {"lang": "es", "value": "OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiraci\u00f3n de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a trav\u00e9s de la cadena de token, (2) aprovechando la posesi\u00f3n de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesi\u00f3n de un token de una cuenta con una contrase\u00f1a cambiada"}], "id": "CVE-2012-3426", "lastModified": "2012-09-07T04:30:35.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-31T10:45:42.670", "references": [{"source": "secalert@redhat.com", "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"}, {"source": "secalert@redhat.com", "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"}, {"source": "secalert@redhat.com", "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50045"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50494"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1552-1"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/996595"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/997194"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/998185"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}