OSSA-2013-003: Keystone denial of service through invalid token requests

OSSA-2013-003: Keystone denial of service through invalid token requests¶

Date:: February 05, 2013
CVE:: CVE-2013-0247

Affects¶

Keystone: All versions

Description¶

Dan Prince of Red Hat reported a vulnerability in token creation error handling in Keystone. By requesting lots of invalid tokens, an unauthenticated user may fill up logs on Keystone API servers disks, potentially resulting in a denial of service attack against Keystone.

Patches¶

https://review.openstack.org/#/c/21216 (Essex)
https://review.openstack.org/#/c/21215 (Folsom)
https://review.openstack.org/#/c/21213 (Grizzly)

Credits¶

Dan Prince from Red Hat (CVE-2013-0247)

References¶

this page last updated: 2024-10-03 16:29:15

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.