Vulnerability Name:

CVE-2012-3426 (CCN-77242)

Assigned:2012-07-27
Published:2012-07-27
Updated:2012-09-07
Summary:OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2012-3426

Source: CCN
Type: OpenStack Web site
Welcome to Keystone, the OpenStack Identity Service!

Source: CONFIRM
Type: UNKNOWN
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

Source: CONFIRM
Type: Patch
http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

Source: CONFIRM
Type: Exploit, Patch
http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

Source: CONFIRM
Type: UNKNOWN
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

Source: CONFIRM
Type: UNKNOWN
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454

Source: CONFIRM
Type: Exploit, Patch
http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de

Source: CCN
Type: SA50045
OpenStack Keystone Token Expiration Security Bypass Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
50045

Source: SECUNIA
Type: UNKNOWN
50494

Source: MLIST
Type: Patch
[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)

Source: CCN
Type: OSVDB ID: 84334
OpenStack Keystone Password Change Token Persistance

Source: CCN
Type: OSVDB ID: 84335
OpenStack Keystone Token Expiration Mechanism Disabled User Token Invalidation Failure

Source: CCN
Type: OSVDB ID: 84336
OpenStack Keystone Token Expiration Mechanism New Token Request Parsing Token Expiration Time Extension

Source: CCN
Type: BID-54709
OpenStack Keystone Token Expiration Multiple Security Bypass Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1552-1

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/keystone/+bug/996595

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/keystone/+bug/997194

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/keystone/+bug/998185

Source: XF
Type: UNKNOWN
keystone-tokens-sec-bypass(77242)

Source: CONFIRM
Type: Patch
https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz

Source: CCN
Type: OpenStack Security Advisory: 2012-010
Various Keystone token expiration issues (CVE-2012-3426)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:essex:*:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:horizon:folsom-1:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:2012.1:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openstack:keystone:12.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17820
    P
    		USN-1641-1 -- keystone vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18010
    P
    		USN-1552-1 -- keystone vulnerabilities
    2014-06-30
    oval:com.ubuntu.precise:def:20123426000
    V
    		CVE-2012-3426 on Ubuntu 12.04 LTS (precise) - low.
    2012-07-31
    BACK
    openstack essex *
    openstack horizon folsom-1
    openstack keystone 2012.1
    openstack keystone 2012.1.1
    openstack keystone 12.0.0