Bug 843311 (CVE-2012-3426)

Summary: CVE-2012-3426 OpenStack-Keystone: token expiration issues
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: apevec, jrusnack, markmc, pbrady, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20120727,reported=20120615,source=distros,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,fedora-all/openstack-keystone=affected,epel-6/openstack-keystone=affected,cwe=CWE-613
Doc Type: Bug Fix
Last Closed: 2012-09-12 19:12:52 UTC
Bug Blocks: 836072

Description Kurt Seifried 2012-07-26 03:04:33 UTC
Thierry Carrez (thierry@openstack.org) of the OpenStack project reports:

Derek Higgins reported various issues affecting Keystone token
expiration. A token expiration date can be circumvented by
continuously creating new tokens before the old one has expired.
Existing tokens also remain valid after a user account is disabled or
after an account password is changed. An authenticated and authorized
user could potentially leverage those vulnerabilities to extend his
access beyond the account owner's expectations.

Folsom fixes:
http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

Essex fixes:
http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
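
The three gaps described in the report above, as an added example that is not part of the original bug report and not Keystone's code: a toy in-memory token service whose `hardened` flag switches between the reported behaviour and one way to close each gap. `TokenService`, `account_changed`, `chained_expiry` and the 3600-second lifetime are assumptions made for illustration.

```python
import itertools

TTL = 3600  # constructed token lifetime, in seconds

class TokenService:
    """Toy in-memory token service (hypothetical model, not Keystone code)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.tokens = {}              # token id -> (user, expiry time)
        self._ids = itertools.count(1)

    def _issue(self, user, expires):
        tid = f"tok{next(self._ids)}"
        self.tokens[tid] = (user, expires)
        return tid

    def login(self, user, now):
        """Password login: the only place a full lifetime should start."""
        return self._issue(user, now + TTL)

    def validate(self, tid, now):
        return tid in self.tokens and now < self.tokens[tid][1]

    def reissue(self, tid, now):
        """Authenticate with a still-valid token to obtain a new one."""
        if not self.validate(tid, now):
            raise PermissionError("invalid or expired token")
        user, old_expiry = self.tokens[tid]
        # Weak: every reissue starts a fresh lifetime. Hardened: inherit the expiry.
        return self._issue(user, old_expiry if self.hardened else now + TTL)

    def account_changed(self, user):
        """Called when the account is disabled or its password is changed."""
        if self.hardened:             # weak mode leaves issued tokens usable
            self.tokens = {t: v for t, v in self.tokens.items() if v[0] != user}

def chained_expiry(svc, rounds, step):
    """Log in at t=0, reissue every `step` seconds; return the last token's expiry."""
    now, tid = 0, svc.login("alice", 0)
    for _ in range(rounds):
        now += step
        if not svc.validate(tid, now):
            break
        tid = svc.reissue(tid, now)
    return svc.tokens[tid][1]
```

With five reissues 1800 seconds apart, the weak service ends up holding a token that expires at t=12600 from a single login, while the hardened one never extends access past t=3600.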

Comment 2 Vincent Danen 2012-07-27 17:59:44 UTC
This is now public:

http://article.gmane.org/gmane.comp.security.oss.general/8058