Vulnerability Name: | CVE-2013-2157 (CCN-84970) | ||||||||||||||||
Assigned: | 2013-06-13 | ||||||||||||||||
Published: | 2013-06-13 | ||||||||||||||||
Updated: | 2019-08-08 | ||||||||||||||||
Summary: | OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | ||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||
Vulnerability Type: | CWE-287 | ||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2013-2157 Source: REDHAT Type: Third Party Advisory RHSA-2013:0994 Source: REDHAT Type: Third Party Advisory RHSA-2013:1083 Source: CCN Type: SA53769 OpenStack Keystone LDAP Authentication Security Bypass Security Issue Source: CCN Type: OSSA 2013-015 Authentication bypass when using LDAP backend (CVE-2013-2157) Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20130613 [OSSA 2013-015] Authentication bypass when using LDAP backend (CVE-2013-2157) Source: BID Type: Third Party Advisory, VDB Entry 60545 Source: CCN Type: BID-60545 OpenStack Keystone CVE-2013-2157 Authentication Bypass Vulnerability Source: XF Type: UNKNOWN keystone-cve20132157-sec-bypass(84970) Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-2157 | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |