Description
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | |
| cosmic | ignored | end of life |
| devel | ignored | |
| disco | ignored | |
| eoan | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| esm-infra/bionic | ignored | |
| esm-infra/xenial | ignored | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
CVSS2: 5 Medium
CVSS3: 5.3 Medium
Related vulnerabilities
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory
** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.