CVE-2018-20170

Published: Dec 17, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory

Affected (1)

Products: Openstack: Keystone

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Keystone	Up to 14.0.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://bugs.launchpad.net/keystone/+bug/1795800

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://bugs.launchpad.net/keystone/+bug/1795800

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.