OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2013-0994.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2013-1083.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2013/06/13/3 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/60545 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-08-20T22:00:00Z
Updated: 2013-08-20T22:00:00Z
Reserved: 2013-02-19T00:00:00Z
Link: CVE-2013-2157
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-08-20T22:55:04.013
Modified: 2019-08-08T16:55:26.347
Link: CVE-2013-2157
JSON object: View
Redhat Information
No data.
CWE