Token Retention Vulnerability in OpenStack Identity (Keystone)

Token Retention Vulnerability in OpenStack Identity (Keystone)

CVE-2013-4222 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

Learn more about our User Device Pen Test.