The shared token that is used to bootstrap keystone is a hardcoded value. This only used as a fallback (default value in function signature) This use case is not triggered when keystone is configured in any documented or supported configuration for more information, see: - https://bugs.launchpad.net/ossn/+bug/1545789 - https://wiki.openstack.org/wiki/OSSN/OSSN-0064
Statement: Red Hat Product Security has rated this issue as having Low security impact. In versions of openstack-keystone shipped with Red Hat Enterprise Linux OpenStack Platform 6, 7 and Red Hat OpenStack Platform 8 the condition required to create a vulnerable scenario was never met. While it is possible to create a vulnerable scenario, the level of access required to create the scenario exceeds that of the access obtained. This issue did not affect versions of openstack-keystone shipped with Red Hat OpenStack Platform 9 and 10. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.