OpenStack Keystone EC2-style Authentication Bypass Vulnerability

OpenStack Keystone EC2-style Authentication Bypass Vulnerability

CVE-2013-0282 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.

Learn more about our User Device Pen Test.