Launchpad CVE tracker

CVE 2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

Related bugs and status

CVE-2013-2104 (Candidate) is related to these bugs:

Bug #1179615: [OSSA 2013-014] auth_token middleware neglects to check expiry of signed token

		In	Importance	Status
1179615	[OSSA 2013-014] auth_token middleware neglects to check expiry of signed token	python-keystoneclient	Critical	Fix Released
1179615	[OSSA 2013-014] auth_token middleware neglects to check expiry of signed token	OpenStack Identity (keystone)	Undecided	Invalid
1179615	[OSSA 2013-014] auth_token middleware neglects to check expiry of signed token	OpenStack Identity (keystone) folsom	Critical	Fix Released
1179615	[OSSA 2013-014] auth_token middleware neglects to check expiry of signed token	OpenStack Security Advisory	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2104

References