Token Expiry Bypass and Revocation Exploit in python-keystoneclient

Token Expiry Bypass and Revocation Exploit in python-keystoneclient

CVE-2013-2104 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

Learn more about our User Device Pen Test.